From e01ed75fe8ff7df066427807f0d07dc0a4e1adde Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Sat, 24 May 2025 22:22:42 +0200 Subject: [PATCH 01/94] feat: apply base repo --- .../gitea/helmrelease.yaml | 0 .../gitea/helmrepository.yaml | 0 .../gitea/kustomization.yaml | 0 {infrastructure => apps}/gitea/namespace.yaml | 0 infrastructure/cert-manager/helmrelease.yaml | 14 +++++ .../cert-manager/helmrepository.yaml | 8 +++ .../{cnpg => cert-manager}/namespace.yaml | 2 +- infrastructure/cnpg/helmrelease-cluster.yaml | 62 ------------------- infrastructure/cnpg/helmrelease-operator.yaml | 16 ----- infrastructure/cnpg/helmrepository.yaml | 8 --- infrastructure/cnpg/kustomization.yaml | 6 -- infrastructure/gitea-runner/helmrelease.yaml | 30 --------- .../gitea-runner/helmrepository.yaml | 8 --- .../gitea-runner/kustomization.yaml | 5 -- infrastructure/gitea-runner/namespace.yaml | 0 infrastructure/kustomization.yaml | 9 +-- infrastructure/longhorn/helmrelease.yaml | 23 ------- infrastructure/longhorn/helmrepository.yaml | 8 --- infrastructure/longhorn/kustomization.yaml | 7 --- infrastructure/longhorn/longhorn-ingress.yaml | 19 ------ infrastructure/longhorn/namespace.yaml | 4 -- infrastructure/sonarqube/helmrelease.yaml | 35 ----------- infrastructure/sonarqube/helmrepository.yaml | 8 --- infrastructure/sonarqube/kustomization.yaml | 6 -- infrastructure/sonarqube/namespace.yaml | 4 -- 25 files changed, 25 insertions(+), 257 deletions(-) rename {infrastructure => apps}/gitea/helmrelease.yaml (100%) rename {infrastructure => apps}/gitea/helmrepository.yaml (100%) rename {infrastructure => apps}/gitea/kustomization.yaml (100%) rename {infrastructure => apps}/gitea/namespace.yaml (100%) create mode 100644 infrastructure/cert-manager/helmrelease.yaml create mode 100644 infrastructure/cert-manager/helmrepository.yaml rename infrastructure/{cnpg => cert-manager}/namespace.yaml (66%) delete mode 100644 infrastructure/cnpg/helmrelease-cluster.yaml delete mode 100644 infrastructure/cnpg/helmrelease-operator.yaml delete mode 100644 
infrastructure/cnpg/helmrepository.yaml delete mode 100644 infrastructure/cnpg/kustomization.yaml delete mode 100644 infrastructure/gitea-runner/helmrelease.yaml delete mode 100644 infrastructure/gitea-runner/helmrepository.yaml delete mode 100644 infrastructure/gitea-runner/kustomization.yaml delete mode 100644 infrastructure/gitea-runner/namespace.yaml delete mode 100644 infrastructure/longhorn/helmrelease.yaml delete mode 100644 infrastructure/longhorn/helmrepository.yaml delete mode 100644 infrastructure/longhorn/kustomization.yaml delete mode 100644 infrastructure/longhorn/longhorn-ingress.yaml delete mode 100644 infrastructure/longhorn/namespace.yaml delete mode 100644 infrastructure/sonarqube/helmrelease.yaml delete mode 100644 infrastructure/sonarqube/helmrepository.yaml delete mode 100644 infrastructure/sonarqube/kustomization.yaml delete mode 100644 infrastructure/sonarqube/namespace.yaml diff --git a/infrastructure/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml similarity index 100% rename from infrastructure/gitea/helmrelease.yaml rename to apps/gitea/helmrelease.yaml diff --git a/infrastructure/gitea/helmrepository.yaml b/apps/gitea/helmrepository.yaml similarity index 100% rename from infrastructure/gitea/helmrepository.yaml rename to apps/gitea/helmrepository.yaml diff --git a/infrastructure/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml similarity index 100% rename from infrastructure/gitea/kustomization.yaml rename to apps/gitea/kustomization.yaml diff --git a/infrastructure/gitea/namespace.yaml b/apps/gitea/namespace.yaml similarity index 100% rename from infrastructure/gitea/namespace.yaml rename to apps/gitea/namespace.yaml diff --git a/infrastructure/cert-manager/helmrelease.yaml b/infrastructure/cert-manager/helmrelease.yaml new file mode 100644 index 0000000..992bb84 --- /dev/null +++ b/infrastructure/cert-manager/helmrelease.yaml 
@@ -0,0 +1,14 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cert-manager + namespace: cert-manager +spec: + chart: + spec: + chart: cert-manager + sourceRef: + kind: HelmRepository + name: cert-manager + values: + installCRDs: true diff --git a/infrastructure/cert-manager/helmrepository.yaml b/infrastructure/cert-manager/helmrepository.yaml new file mode 100644 index 0000000..5bd9630 --- /dev/null +++ b/infrastructure/cert-manager/helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: cert-manager + namespace: flux-system +spec: + interval: 1h + url: https://charts.jetstack.io diff --git a/infrastructure/cnpg/namespace.yaml b/infrastructure/cert-manager/namespace.yaml similarity index 66% rename from infrastructure/cnpg/namespace.yaml rename to infrastructure/cert-manager/namespace.yaml index 8deac4c..c90416f 100644 --- a/infrastructure/cnpg/namespace.yaml +++ b/infrastructure/cert-manager/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: cnpg-system + name: cert-manager diff --git a/infrastructure/cnpg/helmrelease-cluster.yaml b/infrastructure/cnpg/helmrelease-cluster.yaml deleted file mode 100644 index ec82d5e..0000000 --- a/infrastructure/cnpg/helmrelease-cluster.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 # Oder v2beta1 -kind: HelmRelease -metadata: - name: shared-postgres-cluster - namespace: cnpg-system # Oder ein anderer Namespace für die Datenbank selbst, z.B. 'database' -spec: - interval: 10m - chart: - spec: - chart: cluster # Dies ist der Chart für den Cluster selbst - # version: "" # Finde die passende Version auf ArtifactHub - sourceRef: - kind: HelmRepository - name: cnpg # Das zuvor definierte Repository - namespace: flux-system - interval: 1m - values: - # Cluster Konfiguration - # Name des Clusters, der im cnpg-system Namespace erstellt wird - name: shared-pg - # Anzahl der Instanzen (für Hochverfügbarkeit anpassen) - instances: 3 - # Storage Konfiguration (Longhorn verwenden, wie in deinen anderen Setups) - storage: - size: "10Gi" # Gesamtgröße für den Cluster, anpassen nach Bedarf - storageClass: "longhorn" # Deine Longhorn StorageClass - # PostgreSQL Version (prüfe Kompatibilität mit deinen Anwendungen) - # postgresql: - # imageName: "ghcr.io/cloudnative-pg/postgresql:15.3" # Beispiel - - # Wichtig: Konfiguriere Backups! Hier nicht im Detail gezeigt. - # backup: - # barmanObjectStore: - # ... - - # Monitoring (optional, aber empfohlen) - # monitoring: - # enablePodMonitor: true - - # Initiale Datenbanken und Benutzer (optional, kann auch manuell oder per Job erfolgen) - # Beachte, dass du für jede Anwendung (Gitea, SonarQube) eigene Datenbanken und Benutzer - # in diesem geteilten Cluster benötigst. CloudNativePG kann Benutzer verwalten. 
- # Beispiel für einen initialen Benutzer (NICHT für Anwendungen direkt verwenden, - # sondern spezifische Benutzer pro Anwendung erstellen) - # bootstrap: - # initdb: - # database: app_db_1 # Beispiel: Gitea DB - # owner: app_user_1 # Beispiel: Gitea User - # # Weitere Datenbanken hier - # - # # Deklarative Rollen/Benutzer - # postgresql: - # managed: - # roles: - # - name: gitea_user - # # passwordSecret: # Besser ein Secret verwenden - # # name: gitea-db-credentials - # # key: password - # - name: sonarqube_user - # # passwordSecret: - # # name: sonarqube-db-credentials - # # key: password diff --git a/infrastructure/cnpg/helmrelease-operator.yaml b/infrastructure/cnpg/helmrelease-operator.yaml deleted file mode 100644 index 147ebfe..0000000 --- a/infrastructure/cnpg/helmrelease-operator.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cnpg-operator - namespace: cnpg-system -spec: - interval: 10m - chart: - spec: - chart: cloudnative-pg - version: "0.23.2" - sourceRef: - kind: HelmRepository - name: cnpg - namespace: flux-system - interval: 1m diff --git a/infrastructure/cnpg/helmrepository.yaml b/infrastructure/cnpg/helmrepository.yaml deleted file mode 100644 index fa469e7..0000000 --- a/infrastructure/cnpg/helmrepository.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 # Oder v1 je nach deiner Flux-Version -kind: HelmRepository -metadata: - name: cnpg - namespace: flux-system -spec: - interval: 1h - url: https://cloudnative-pg.io/charts diff --git a/infrastructure/cnpg/kustomization.yaml b/infrastructure/cnpg/kustomization.yaml deleted file mode 100644 index 9923fdf..0000000 --- a/infrastructure/cnpg/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespace.yaml - - helmrepository.yaml - - helmrelease-operator.yaml 
diff --git a/infrastructure/gitea-runner/helmrelease.yaml b/infrastructure/gitea-runner/helmrelease.yaml deleted file mode 100644 index e5a1976..0000000 --- a/infrastructure/gitea-runner/helmrelease.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: gitea-act-runner - namespace: gitea -spec: - releaseName: gitea-act-runner - interval: 10m - chart: - spec: - chart: gitea-act-runner - version: "0.5.2" - sourceRef: - kind: HelmRepository - name: gitea-charts - namespace: flux-system - values: - provisioning: - enabled: true - # Gitea-URL wie im Cluster erreichbar (interner Service-Name!) - serverURL: "http://gitea-http.gitea.svc.cluster.local:3000" - # Admin-Zugangsdaten wie oben im Gitea-Chart gesetzt - adminUser: "giteaadmin" - # adminPassword: "changeme" - adminPassword: "F3l1x-230113?" - rbac: - create: true - # Optional: Runner-Name, falls du mehrere Runner willst - runner: - labels: ["k3s", "fluxcd"] diff --git a/infrastructure/gitea-runner/helmrepository.yaml b/infrastructure/gitea-runner/helmrepository.yaml deleted file mode 100644 index aa6700e..0000000 --- a/infrastructure/gitea-runner/helmrepository.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: gitea-charts - namespace: flux-system -spec: - url: https://dl.gitea.io/charts/ - interval: 1h diff --git a/infrastructure/gitea-runner/kustomization.yaml b/infrastructure/gitea-runner/kustomization.yaml deleted file mode 100644 index d7fbb03..0000000 --- a/infrastructure/gitea-runner/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helmrepository.yaml - - helmrelease.yaml diff --git a/infrastructure/gitea-runner/namespace.yaml b/infrastructure/gitea-runner/namespace.yaml deleted file mode 100644 index e69de29..0000000 
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 620a250..0fb1baa 100644 --- a/infrastructure/kustomization.yaml +++ b/infrastructure/kustomization.yaml @@ -1,9 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - monitoring/ - - longhorn/ - - gitea/ - # - gitea-runner/ - # - sonarqube/ - - cnpg +# resources: + # - monitoring/ diff --git a/infrastructure/longhorn/helmrelease.yaml b/infrastructure/longhorn/helmrelease.yaml deleted file mode 100644 index 695713b..0000000 --- a/infrastructure/longhorn/helmrelease.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: longhorn - namespace: longhorn-system -spec: - releaseName: longhorn - chart: - spec: - chart: longhorn - version: "1.8.1" - sourceRef: - kind: HelmRepository - name: longhorn - namespace: flux-system - interval: 5m - install: - createNamespace: true - values: - defaultSettings: - defaultReplicaCount: 2 - persistence: - defaultClassReplicaCount: 2 diff --git a/infrastructure/longhorn/helmrepository.yaml b/infrastructure/longhorn/helmrepository.yaml deleted file mode 100644 index 2a21432..0000000 --- a/infrastructure/longhorn/helmrepository.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: longhorn - namespace: flux-system -spec: - url: https://charts.longhorn.io - interval: 10m diff --git a/infrastructure/longhorn/kustomization.yaml b/infrastructure/longhorn/kustomization.yaml deleted file mode 100644 index c454170..0000000 --- a/infrastructure/longhorn/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespace.yaml - - helmrepository.yaml - - helmrelease.yaml - - longhorn-ingress.yaml 
diff --git a/infrastructure/longhorn/longhorn-ingress.yaml b/infrastructure/longhorn/longhorn-ingress.yaml deleted file mode 100644 index ce7f130..0000000 --- a/infrastructure/longhorn/longhorn-ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: longhorn-ui - namespace: longhorn-system - annotations: - kubernetes.io/ingress.class: "traefik" -spec: - rules: - - host: longhorn.local - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: longhorn-frontend - port: - number: 80 diff --git a/infrastructure/longhorn/namespace.yaml b/infrastructure/longhorn/namespace.yaml deleted file mode 100644 index 9ac9395..0000000 --- a/infrastructure/longhorn/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: longhorn-system diff --git a/infrastructure/sonarqube/helmrelease.yaml b/infrastructure/sonarqube/helmrelease.yaml deleted file mode 100644 index 9544394..0000000 --- a/infrastructure/sonarqube/helmrelease.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: sonarqube - namespace: sonarqube -spec: - interval: 10m - chart: - spec: - chart: sonarqube - version: "2025.2.0" - sourceRef: - kind: HelmRepository - name: sonarqube - namespace: flux-system - values: - community: - enabled: true - monitoringPasscode: "supersecret123" - persistence: - enabled: true - storageClass: longhorn - size: 5Gi - postgresql: - enabled: true - persistence: - enabled: true - storageClass: longhorn - size: 2Gi - ingress: - enabled: true - hosts: - - name: sonarqube.local - path: / - ingressClassName: traefik diff --git a/infrastructure/sonarqube/helmrepository.yaml b/infrastructure/sonarqube/helmrepository.yaml deleted file mode 100644 index 5d2cb5a..0000000 --- a/infrastructure/sonarqube/helmrepository.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: sonarqube - namespace: flux-system -spec: - url: https://SonarSource.github.io/helm-chart-sonarqube - interval: 1h diff --git a/infrastructure/sonarqube/kustomization.yaml b/infrastructure/sonarqube/kustomization.yaml deleted file mode 100644 index b4a3d7c..0000000 --- a/infrastructure/sonarqube/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespace.yaml - - helmrepository.yaml - - helmrelease.yaml diff --git a/infrastructure/sonarqube/namespace.yaml b/infrastructure/sonarqube/namespace.yaml deleted file mode 100644 index f18e1e9..0000000 --- a/infrastructure/sonarqube/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: sonarqube From 4ffca67600cc4c99f3ca44b0ceae3e83a8339a7b Mon Sep 17 00:00:00 2001 From: Flux <> Date: Sat, 24 May 2025 22:23:07 +0200 Subject: [PATCH 02/94] Add Flux sync manifests --- clusters/production/flux-system/gotk-sync.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/production/flux-system/gotk-sync.yaml b/clusters/production/flux-system/gotk-sync.yaml index 6f4c2dc..2bff95b 100644 --- a/clusters/production/flux-system/gotk-sync.yaml +++ b/clusters/production/flux-system/gotk-sync.yaml @@ -8,7 +8,7 @@ metadata: spec: interval: 1m0s ref: - branch: main + branch: homelab-prod secretRef: name: flux-system url: https://codeberg.org/Pata1704/homelab_gitops.git From 640bc5d4761ac09777c7006d06a1424b3166bb4a Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Sat, 24 May 2025 22:32:11 +0200 Subject: [PATCH 03/94] fix: fix flux bootstrap error --- infrastructure/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 0fb1baa..4fb936b 100644 --- a/infrastructure/kustomization.yaml 
+++ b/infrastructure/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -# resources: +resources: [] # - monitoring/ From adc9d0ce968dba92c1c476a687ae55d08a3bf4e6 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Sun, 25 May 2025 11:56:29 +0200 Subject: [PATCH 04/94] ci: deploy cert-manager v1.17.2 via fluxcd --- .../cert-manager/configmap-values.yaml | 9 +++++ infrastructure/cert-manager/helmrelease.yaml | 18 +++++++-- .../cert-manager/helmrepository.yaml | 4 +- .../kustomization-cert-manager.yaml | 19 +++++++++ notes/cert-manager.md | 40 +++++++++++++++++++ 5 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 infrastructure/cert-manager/configmap-values.yaml create mode 100644 infrastructure/kustomization-cert-manager.yaml create mode 100644 notes/cert-manager.md diff --git a/infrastructure/cert-manager/configmap-values.yaml b/infrastructure/cert-manager/configmap-values.yaml new file mode 100644 index 0000000..a089e12 --- /dev/null +++ b/infrastructure/cert-manager/configmap-values.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cert-manager-helm-values + namespace: cert-manager +data: + values.yaml: | + installCRDs: true + diff --git a/infrastructure/cert-manager/helmrelease.yaml b/infrastructure/cert-manager/helmrelease.yaml index 992bb84..8afa921 100644 --- a/infrastructure/cert-manager/helmrelease.yaml +++ b/infrastructure/cert-manager/helmrelease.yaml 
@@ -1,14 +1,24 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: cert-manager namespace: cert-manager spec: + interval: 15m chart: spec: chart: cert-manager + version: v1.17.2 sourceRef: kind: HelmRepository - name: cert-manager - values: - installCRDs: true + name: jetstack + namespace: flux-system + releaseName: cert-manager + valuesFrom: + - kind: ConfigMap + name: cert-manager-helm-values + valuesKey: values.yaml + install: + crds: CreateReplace + upgrade: + crds: CreateReplace diff --git a/infrastructure/cert-manager/helmrepository.yaml b/infrastructure/cert-manager/helmrepository.yaml index 5bd9630..c915c48 100644 --- a/infrastructure/cert-manager/helmrepository.yaml +++ b/infrastructure/cert-manager/helmrepository.yaml @@ -1,8 +1,8 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: cert-manager + name: jetstack namespace: flux-system spec: - interval: 1h + interval: 30m url: https://charts.jetstack.io diff --git a/infrastructure/kustomization-cert-manager.yaml b/infrastructure/kustomization-cert-manager.yaml new file mode 100644 index 0000000..9c3aa61 --- /dev/null +++ b/infrastructure/kustomization-cert-manager.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager + namespace: flux-system +spec: + interval: 15m + path: ./infrastructure/cert-manager + prune: true + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: [] + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: cert-manager + namespace: cert-manager + diff --git a/notes/cert-manager.md b/notes/cert-manager.md new file mode 100644 index 0000000..338b3ae --- /dev/null +++ b/notes/cert-manager.md 
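Review bot: The `install.crds: CreateReplace` and `upgrade.crds: CreateReplace` stanzas at the end of this HelmRelease most likely have no effect for this chart. Flux applies that policy to CRDs shipped in a chart's `crds/` directory, whereas cert-manager renders its CRDs as templates gated by the `installCRDs` value that this commit sets in configmap-values.yaml. CRD lifecycle therefore rests entirely on that value, which cert-manager has deprecated since v1.15 in favour of `crds.enabled: true` (with `crds.keep` deciding whether the CRDs survive an uninstall). I would switch the ConfigMap to `crds.enabled: true` and either drop the two `crds:` stanzas or add a comment saying they are inert here, so nobody relies on them during an upgrade.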
@@ -0,0 +1,40 @@ +# Schritt 1: cert-manager v1.17.2 mit FluxCD deployen + +## Verzeichnisstruktur +infrastructure/ + cert-manager/ + namespace.yaml + helmrepository.yaml + configmap-values.yaml + helmrelease.yaml + kustomization-cert-manager.yaml + +## Vorgehen + +1. YAML-Dateien wie oben beschrieben im Git-Repository anlegen. +2. Änderungen committen und pushen: +```bash + git add infrastructure/cert-manager/* + git add infrastructure/kustomization-cert-manager.yaml + git commit -m "Deploy cert-manager v1.17.2 via FluxCD" + git push origin main +``` + +3. Flux synchronisiert automatisch. Manuelles Triggern: +```bash + flux reconcile source git flux-system + flux get kustomizations + kubectl -n cert-manager get pods +``` + +4. Prüfen, ob cert-manager läuft: +```bash + kubectl -n cert-manager get pods + kubectl -n cert-manager get deployments +``` + +5. Fehlerdiagnose: +```bash + flux logs + kubectl -n cert-manager logs deploy/cert-manager +``` From 72dd5de86c98a0940a10bee7a2fa21a9bb19ad79 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Sun, 25 May 2025 12:02:29 +0200 Subject: [PATCH 05/94] fix: fix cert-manager deployment by adding cert-manager dir to flux deployments --- .../cert-manager/kustomization.yaml | 7 +++++++ .../kustomization-cert-manager.yaml | 19 ------------------- infrastructure/kustomization.yaml | 3 ++- 3 files changed, 9 insertions(+), 20 deletions(-) create mode 100644 infrastructure/cert-manager/kustomization.yaml delete mode 100644 infrastructure/kustomization-cert-manager.yaml diff --git a/infrastructure/cert-manager/kustomization.yaml b/infrastructure/cert-manager/kustomization.yaml new file mode 100644 index 0000000..35dea7b --- /dev/null +++ b/infrastructure/cert-manager/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - helmrepository.yaml + - helmrelease.yaml + - configmap-values.yaml 
diff --git a/infrastructure/kustomization-cert-manager.yaml b/infrastructure/kustomization-cert-manager.yaml deleted file mode 100644 index 9c3aa61..0000000 --- a/infrastructure/kustomization-cert-manager.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: cert-manager - namespace: flux-system -spec: - interval: 15m - path: ./infrastructure/cert-manager - prune: true - sourceRef: - kind: GitRepository - name: flux-system - dependsOn: [] - healthChecks: - - apiVersion: apps/v1 - kind: Deployment - name: cert-manager - namespace: cert-manager - diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 4fb936b..29c82b2 100644 --- a/infrastructure/kustomization.yaml +++ b/infrastructure/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: [] +resources: + - cert-manager/ # - monitoring/ From e644b3e4339a55dd4c04565c5c7d7b9f246eb985 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Sun, 25 May 2025 12:39:32 +0200 Subject: [PATCH 06/94] ci: add hetzner dns api token secret (encrypted with sops) --- .sops.yaml | 4 + .../hetzner-dns-api-token-secret.yaml | 35 ++++++++ notes/sops-and-hetzner-secret.md | 84 +++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 .sops.yaml create mode 100644 infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml create mode 100644 notes/sops-and-hetzner-secret.md diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..a306b2c --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,4 @@ +creation_rules: + - encrypted_regex: '^(data|stringData)$' + path_regex: \.yaml$ + pgp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 diff --git a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml new file mode 100644 index 0000000..e8732d5 --- /dev/null 
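Review bot: The creation rule added in `.sops.yaml` only protects files encrypted from now on; the `adminPassword` and `monitoringPasscode` values that patch 01 deletes from gitea-runner/helmrelease.yaml and sonarqube/helmrelease.yaml were committed in clear text and stay readable in the repository history. Both should be treated as exposed and rotated, since deleting the files does not withdraw them. apps/gitea/helmrelease.yaml is moved at 100% similarity, so its content is not shown, but a comment in the deleted runner manifest says the admin credentials match those set in the Gitea chart, so that file presumably still carries the same password. If so, move it into a SOPS-encrypted Secret and reference it from the HelmRelease through `valuesFrom` with `kind: Secret`.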
+++ b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hetzner-dns-api-token + namespace: cert-manager +type: Opaque +stringData: + token: ENC[AES256_GCM,data:/q+htxkBlasprvVO3GjL8EAmNGLBZcqd4k96c/eVU3Y=,iv:pOJc+J8Q0rnPprkp372CcQDQ0RO0ENKLPqmnf3KzXQk=,tag:Rw6S+CzTJ3VlOckOLZ4naA==,type:str] +sops: + lastmodified: "2025-05-25T10:35:11Z" + mac: ENC[AES256_GCM,data:tHl5WGev15r18SbtIeyx0Xs3VgrG1OejsyxCC29CC1XabQn5Xx3E2VKsMUfpKyzQY0OIICttqRGlWRqVBCZEDZqNrohzS3gbyK9lXAbLGTsYbUTHWsjdDPzMpfa+bxmNfbrBkNjG60gMNvXygCywVi7JM2YSJVOomq1KUAhn69Y=,iv:LJqNhjtcU4f5gNUElvUrZpmwH5IwkDABC45HxOIYXDU=,tag:q/Yox5t//+yLPq7GQeUMFQ==,type:str] + pgp: + - created_at: "2025-05-25T10:35:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklAQ/+K+G06VtrtojKTRADKvXKKF+KI2ishkmOLnQNblMhRy10 + cJeyfXrQ6HLaqVAh+3/2IUNb85Y/udfFHH6GuCrnib4QwJU1+u/rh1h11BDTKJMO + y5mkGZuu1mEp30sSSbEYlk4FMoklqsA2SPIb1ofYi5M+Iz1eMWeJyUy6mMvrClYw + y2EQ+9+39o4sO/KTg6RI6uF/BDgL/qo9PBg4IGXS6KQYiQdzOKslxZRXdKren5ll + /AA0BWj4pciytuWI3Rp2dfd4Odk+hf/fnk8vyki0snDlR0GP4hKifxseoOHnHVor + Rxp4bb3uUwpZ0yi3yn8/IwC797ZwcefyNTDm7UACmmUvJBYEdul5YdhFXVAtENst + fYIGuI2Ypkky4klu1QRkrzSwqztuIZ5O5o16rn3McPycXh9ftxELnPE0rQz+4ee3 + bcy9FK8b9fsgc3YgqqfDYuXyoyA90pDRl+x+Ejng089pA2I1yes1pT+vMaxfFpvj + mulzhlTdc63xNWzqQQ9Zdk7z239pgvrtVI6bQDSDlLT8qcLAhqBf6lCcAL6tqUJy + wpbiTA4GfB6h26vFOvvvLNhMKn7XeAZUt2PiaZR2Nxdh8slcvVbgBiMcziEugZ2G + Mzq0fzD1EbJsdceTx4hgVop8q40KiFZCFnx1gRrlH8sUrF92NPa14skaAtHsHozU + aAEJAhCW+hNEIFREgHv2QeN/lV7qhjyDiBKWUXKbzILUutR0r5hMfmHAnyen5Ck7 + ROGVrA4EpO9SOr8CxPp0DngmdhpwoWTSE4THENNKV/ggNTzFz6mjulUcEJMcMX5q + M3eLeR38qWQa + =ajdb + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/notes/sops-and-hetzner-secret.md b/notes/sops-and-hetzner-secret.md new file mode 100644 index 0000000..75618e6 --- /dev/null +++ b/notes/sops-and-hetzner-secret.md 
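Review bot: Nothing in the visible patches makes the cluster consume this encrypted Secret. `infrastructure/cert-manager/kustomization.yaml` lists namespace, helmrepository, helmrelease and configmap-values in patch 05 and gains only the ClusterIssuer and the test certificate in patches 07 and 08, so this file is never built; add `- hetzner-dns-api-token-secret.yaml` to that resources list. The Flux Kustomization that reconciles this path also needs `decryption: {provider: sops, secretRef: {name: sops-gpg}}` under `spec`. Its manifest is not part of any hunk shown here, so please confirm it is set; without it the object is likely to be rejected because of the `sops:` block, or stored with the `ENC[...]` ciphertext as the token.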
@@ -0,0 +1,84 @@ +# SOPS für FluxCD einrichten + +## SOPS & GPG installieren +```bash +sudo dnf install gnupg +``` +### Download the binary +```bash +curl -LO https://github.com/getsops/sops/releases/download/v3.10.2/sops-v3.10.2.linux.amd64 +``` + +### Move the binary in to your PATH +```bash +mv sops-v3.10.2.linux.amd64 /usr/local/bin/sops +``` + +### Make the binary executable +```bash +chmod +x /usr/local/bin/sops +``` + +## GPG Key generieren +```bash +export KEY_NAME="k3s.homelab" +export KEY_COMMENT="flux secrets" +gpg --batch --full-generate-key < +``` + +## GPG Key als Kubernetes Secret speichern +```bash +gpg --export-secret-keys --armor "${KEY_FP}" | \ +kubectl create secret generic sops-gpg \ + --namespace=flux-system \ + --from-file=sops.asc=/dev/stdin +``` +## .sops.yaml im Repo anlegen +```bash +cat < .sops.yaml +creation_rules: + - encrypted_regex: '^(data|stringData)$' + path_regex: \.yaml$ + pgp: +EOF +``` + +## Hetzner DNS API Token in Secret-Datei eintragen +```bash +cat < infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: hetzner-dns-api-token + namespace: cert-manager +type: Opaque +stringData: + token: "" +EOF +``` +## Mit SOPS verschlüsseln +```bash +sops -e -i infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml +``` + +## Ins Git-Repo legen und pushen +```bash +git add infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml +git commit -m "Add Hetzner DNS API token secret (encrypted with SOPS)" +git push origin main +``` From 6cacf38b2e4c7f2654b3124bb71b6c7a7f96e049 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Sun, 25 May 2025 13:07:25 +0200 Subject: [PATCH 07/94] ci: add hetzner-webhook and clusterissuer --- .../helmrelease.yaml | 18 +++++ .../helmrepository.yaml | 8 ++ .../kustomization.yaml | 6 ++ .../cert-manager/kustomization.yaml | 1 + .../letsencrypt-clusterissuer.yaml | 20 +++++ infrastructure/kustomization.yaml | 1 + notes/cert-manager-webhook.md | 79 +++++++++++++++++++ 7 files changed, 133 insertions(+) create mode 100644 infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml create mode 100644 infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml create mode 100644 infrastructure/cert-manager-webhook-hetzner/kustomization.yaml create mode 100644 infrastructure/cert-manager/letsencrypt-clusterissuer.yaml create mode 100644 notes/cert-manager-webhook.md diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml new file mode 100644 index 0000000..c04ee53 --- /dev/null +++ b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml @@ -0,0 +1,18 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: cert-manager-webhook-hetzner + namespace: cert-manager +spec: + interval: 15m + chart: + spec: + chart: cert-manager-webhook-hetzner + version: 1.3.3 + sourceRef: + kind: HelmRepository + name: vadimkim-cert-manager-webhook-hetzner + namespace: flux-system + values: + groupName: patanix.de + diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml new file mode 100644 index 0000000..d82a2b5 --- /dev/null +++ b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: vadimkim-cert-manager-webhook-hetzner + namespace: flux-system +spec: + interval: 30m + url: https://vadimkim.github.io/cert-manager-webhook-hetzner 
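Review bot: The chart pin `version: 1.3.3` in this HelmRelease disagrees with the copy of the same manifest in notes/cert-manager-webhook.md from this commit, which shows `version: 2.9.0`. One of the two is stale, and the manifest is what Flux installs, so align them and add a short comment next to the pin naming the webhook release it corresponds to. The chart is pulled from a personal GitHub Pages repository and the webhook it installs will read the DNS API token. It is therefore worth reviewing the rendered RBAC (which Secrets the webhook's ServiceAccount may read, and in which namespace) before each version bump.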
diff --git a/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml b/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml new file mode 100644 index 0000000..36e69d3 --- /dev/null +++ b/infrastructure/cert-manager-webhook-hetzner/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helmrepository.yaml + - helmrelease.yaml + diff --git a/infrastructure/cert-manager/kustomization.yaml b/infrastructure/cert-manager/kustomization.yaml index 35dea7b..18bf678 100644 --- a/infrastructure/cert-manager/kustomization.yaml +++ b/infrastructure/cert-manager/kustomization.yaml @@ -5,3 +5,4 @@ resources: - helmrepository.yaml - helmrelease.yaml - configmap-values.yaml + - letsencrypt-clusterissuer.yaml diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml new file mode 100644 index 0000000..516ccae --- /dev/null +++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-dns +spec: + acme: + email: patryk-hegenberg@outlook.de + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-dns-key + solvers: + - dns01: + webhook: + groupName: patanix.de + solverName: hetzner + config: + apiTokenSecretRef: + name: hetzner-dns-api-token + key: token + diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 29c82b2..1db4b1a 100644 --- a/infrastructure/kustomization.yaml +++ b/infrastructure/kustomization.yaml @@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cert-manager/ + - cert-manager-webhook-hetzner/ # - monitoring/ diff --git a/notes/cert-manager-webhook.md b/notes/cert-manager-webhook.md new file mode 100644 index 0000000..e1367bd --- /dev/null +++ b/notes/cert-manager-webhook.md 
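Review bot: Listing `letsencrypt-clusterissuer.yaml` in the same kustomization as `helmrelease.yaml` creates an ordering problem on a fresh cluster. The `ClusterIssuer` kind only exists once the cert-manager HelmRelease has installed its CRDs, and the kustomize-controller validates the objects of one Kustomization together, so the first reconciliation is likely to fail with a missing-kind error before the HelmRelease is even created. The usual layout is a second Flux `Kustomization` for issuers and certificates with `dependsOn` pointing at the one that installs cert-manager; patch 04 had such an object with `healthChecks`, and patch 05 removed it. The same applies to `test-certificate.yaml` added in patch 08.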
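Review bot: The solver `config` block in the ClusterIssuer uses `apiTokenSecretRef` with `name` and `key`, which I cannot match to the configuration schema I remember for the vadimkim webhook. As far as I recall, that webhook takes a `secretName` plus optional `zoneName` and `apiUrl` and expects a fixed key name inside the Secret. Please check the chart README for the pinned version, because an unrecognised config block shows up only later as failing DNS-01 challenges rather than as an apply error. Whatever the schema, the referenced Secret `hetzner-dns-api-token` has to exist in the namespace the webhook reads from, and the file defining it is not in any resources list visible in this series.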
@@ -0,0 +1,79 @@
+# Schritt: cert-manager-webhook-hetzner (vadimkim) und ClusterIssuer
+
+## 1. HelmRepository für Webhook anlegen
+```bash
+cat < infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://vadimkim.github.io/cert-manager-webhook-hetzner
+EOF
+```
+
+## 2. HelmRelease für Webhook anlegen
+```bash
+cat < infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: cert-manager-webhook-hetzner
+ namespace: cert-manager
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: cert-manager-webhook-hetzner
+ version: 2.9.0
+ sourceRef:
+ kind: HelmRepository
+ name: vadimkim-cert-manager-webhook-hetzner
+ namespace: flux-system
+ values:
+ groupName: patanix.de
+EOF
+```
+
+## 3. ClusterIssuer anlegen
+```bash
+cat < infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns
+spec:
+ acme:
+ email: patryk-hegenberg@outlook.de
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-key
+ solvers:
+ - dns01:
+ webhook:
+ groupName: patanix.de
+ solverName: hetzner
+ config:
+ apiTokenSecretRef:
+ name: hetzner-dns-api-token
+ key: token
+EOF
+```
+
+## 4. Dateien ins Git-Repo legen und pushen
+```bash
+git add infrastructure/cert-manager-webhook-hetzner/*
+git add infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+git commit -m "Add vadimkim cert-manager-webhook-hetzner and ClusterIssuer for patanix.de"
+git push origin main
+```
+
+## 5. Flux synchronisieren und prüfen
+```bash
+flux reconcile source git flux-system
+flux get helmreleases -A
+kubectl get pods -n cert-manager
+kubectl get clusterissuer
+```
From d0d3237349e2f544e42aaa801d4d5ed4d444fe86 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 13:24:36 +0200
Subject: [PATCH 08/94] ci: add test-certificate to certificate retrieval
---
.../cert-manager/kustomization.yaml | 1 +
.../cert-manager/test-certificate.yaml | 13 ++++++
notes/test-certificate.md | 40 +++++++++++++++++++
3 files changed, 54 insertions(+)
create mode 100644 infrastructure/cert-manager/test-certificate.yaml
create mode 100644 notes/test-certificate.md
diff --git a/infrastructure/cert-manager/kustomization.yaml b/infrastructure/cert-manager/kustomization.yaml
index 18bf678..e5199cc 100644
--- a/infrastructure/cert-manager/kustomization.yaml
+++ b/infrastructure/cert-manager/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - helmrelease.yaml
 - configmap-values.yaml
 - letsencrypt-clusterissuer.yaml
+ - test-certificate.yaml
diff --git a/infrastructure/cert-manager/test-certificate.yaml b/infrastructure/cert-manager/test-certificate.yaml
new file mode 100644
index 0000000..2eb49b0
--- /dev/null
+++ b/infrastructure/cert-manager/test-certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: test-certificate
+ namespace: cert-manager
+spec:
+ secretName: test-certificate-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: test.patanix.de
+ dnsNames:
+ - test.patanix.de
diff --git a/notes/test-certificate.md b/notes/test-certificate.md
new file mode 100644
index 0000000..ee91d95
--- /dev/null
+++ b/notes/test-certificate.md
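Review bot: `test-certificate.yaml` is wired into the permanent `cert-manager` kustomization and points at `letsencrypt-dns`, which uses the production ACME endpoint, so every retry while the webhook is still being debugged counts against Let's Encrypt's production rate limits and the test certificate keeps being renewed afterwards. A second ClusterIssuer with `server: https://acme-staging-v02.api.letsencrypt.org/directory` is the usual target for a smoke test. Once issuance works, the test Certificate can be dropped from `resources:` again.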
@@ -0,0 +1,40 @@
+# Test: Zertifikatsausstellung mit cert-manager und Hetzner DNS
+
+## Test-Zertifikat anlegen
+```bash
+cat < infrastructure/cert-manager/test-certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: test-certificate
+ namespace: cert-manager
+spec:
+ secretName: test-certificate-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: test.patanix.de
+ dnsNames:
+ - test.patanix.de
+EOF
+```
+
+## Datei ins Repo legen und pushen
+```bash
+git add infrastructure/cert-manager/test-certificate.yaml
+git commit -m "Add test certificate request for test.patanix.de"
+git push origin main
+```
+
+## Status prüfen
+```bash
+kubectl -n cert-manager get certificate
+kubectl -n cert-manager describe certificate test-certificate
+kubectl -n cert-manager get secret test-certificate-tls
+```
+
+# Events und Fehlerdiagnose
+```bash
+kubectl -n cert-manager get events --sort-by=.metadata.creationTimestamp
+kubectl -n cert-manager logs deploy/cert-manager
+```
From 67a20d191a607e30d0e096630cd21510d31fc88a Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 13:34:28 +0200
Subject: [PATCH 09/94] fix: fix secret doesnt exist by adding secret.yaml
---
infrastructure/cert-manager/kustomization.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/infrastructure/cert-manager/kustomization.yaml b/infrastructure/cert-manager/kustomization.yaml
index e5199cc..2ba721a 100644
--- a/infrastructure/cert-manager/kustomization.yaml
+++ b/infrastructure/cert-manager/kustomization.yaml
@@ -5,5 +5,6 @@ resources:
 - helmrepository.yaml
 - helmrelease.yaml
 - configmap-values.yaml
+ - hetzner-dns-api-token-secret.yaml
 - letsencrypt-clusterissuer.yaml
 - test-certificate.yaml
From f7509a3ddfefc4186c99b083fbfa92393aceb00e Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 13:54:14 +0200
Subject: [PATCH 10/94] fix: try to fix certification by adding secretname to issuer
---
.../cert-manager/letsencrypt-clusterissuer.yaml | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
index 516ccae..1b272eb 100644
--- a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
@@ -14,7 +14,10 @@ spec:
 groupName: patanix.de
 solverName: hetzner
 config:
- apiTokenSecretRef:
- name: hetzner-dns-api-token
- key: token
+ secretName: hetzner-dns-api-token
+ zoneName: patanix.de
+ apiUrk: https://dns.hetzner.com/api/v1
+ # apiTokenSecretRef:
+ # name: hetzner-dns-api-token
+ # key: token
From 4fd5924fb48f75e0682af9f9cd4637ce6d0c1d56 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 14:03:46 +0200
Subject: [PATCH 11/94] fix: change config field in secret from token to api-key
---
.../hetzner-dns-api-token-secret.yaml | 40 +++++++++----------
.../letsencrypt-clusterissuer.yaml | 2 +-
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml
index e8732d5..65397bd 100644
--- a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml
+++ b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml
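Review bot: `apiUrk` in the solver `config` of `letsencrypt-clusterissuer.yaml` looks like a typo for `apiUrl`; as written the key is probably ignored by the webhook and the intended endpoint is never set. The line should read `apiUrl: https://dns.hetzner.com/api/v1`. The three commented-out `apiTokenSecretRef` lines are better removed than kept as dead configuration, since git history already preserves them.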
@@ -1,34 +1,34 @@ apiVersion: v1 kind: Secret metadata: - name: hetzner-dns-api-token + name: hetzner-secret namespace: cert-manager type: Opaque stringData: - token: ENC[AES256_GCM,data:/q+htxkBlasprvVO3GjL8EAmNGLBZcqd4k96c/eVU3Y=,iv:pOJc+J8Q0rnPprkp372CcQDQ0RO0ENKLPqmnf3KzXQk=,tag:Rw6S+CzTJ3VlOckOLZ4naA==,type:str] + api-key: ENC[AES256_GCM,data:iYj5AS1UY77fC7nxk/yctC3f+g59NJ744+DS009kUQM=,iv:J/cKz6M3w5sM04GqJ5K+JwBoOOjaER+arykc60eztCk=,tag:dAnHwnXVEdKHDusu8VgWfA==,type:str] sops: - lastmodified: "2025-05-25T10:35:11Z" - mac: ENC[AES256_GCM,data:tHl5WGev15r18SbtIeyx0Xs3VgrG1OejsyxCC29CC1XabQn5Xx3E2VKsMUfpKyzQY0OIICttqRGlWRqVBCZEDZqNrohzS3gbyK9lXAbLGTsYbUTHWsjdDPzMpfa+bxmNfbrBkNjG60gMNvXygCywVi7JM2YSJVOomq1KUAhn69Y=,iv:LJqNhjtcU4f5gNUElvUrZpmwH5IwkDABC45HxOIYXDU=,tag:q/Yox5t//+yLPq7GQeUMFQ==,type:str] + lastmodified: "2025-05-25T12:00:23Z" + mac: ENC[AES256_GCM,data:RpN7bXCBDaG4zbHty2l2pZdvkCHP8LQEhHNE56Thvs3fecgqUDfn/JTb4F+IsdUTbSj68jE8hZhNK2oVH7KIkoGfMv6NUGaQo0vGU9cTAN+juaFrHgEGyRc+deazB7hLT2cs87V96v7XjfCA4bL+F0eFINvOX/TZSu6sNoFAYC8=,iv:oKDwGI3Gb/rAIs6DANMyGI/pcOfG15/8ZKa/MYOAa5E=,tag:uWY/eG+vW/5l382y4lN6Ow==,type:str] pgp: - - created_at: "2025-05-25T10:35:11Z" + - created_at: "2025-05-25T12:00:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/+K+G06VtrtojKTRADKvXKKF+KI2ishkmOLnQNblMhRy10 - cJeyfXrQ6HLaqVAh+3/2IUNb85Y/udfFHH6GuCrnib4QwJU1+u/rh1h11BDTKJMO - y5mkGZuu1mEp30sSSbEYlk4FMoklqsA2SPIb1ofYi5M+Iz1eMWeJyUy6mMvrClYw - y2EQ+9+39o4sO/KTg6RI6uF/BDgL/qo9PBg4IGXS6KQYiQdzOKslxZRXdKren5ll - /AA0BWj4pciytuWI3Rp2dfd4Odk+hf/fnk8vyki0snDlR0GP4hKifxseoOHnHVor - Rxp4bb3uUwpZ0yi3yn8/IwC797ZwcefyNTDm7UACmmUvJBYEdul5YdhFXVAtENst - fYIGuI2Ypkky4klu1QRkrzSwqztuIZ5O5o16rn3McPycXh9ftxELnPE0rQz+4ee3 - bcy9FK8b9fsgc3YgqqfDYuXyoyA90pDRl+x+Ejng089pA2I1yes1pT+vMaxfFpvj - mulzhlTdc63xNWzqQQ9Zdk7z239pgvrtVI6bQDSDlLT8qcLAhqBf6lCcAL6tqUJy - wpbiTA4GfB6h26vFOvvvLNhMKn7XeAZUt2PiaZR2Nxdh8slcvVbgBiMcziEugZ2G - Mzq0fzD1EbJsdceTx4hgVop8q40KiFZCFnx1gRrlH8sUrF92NPa14skaAtHsHozU - 
aAEJAhCW+hNEIFREgHv2QeN/lV7qhjyDiBKWUXKbzILUutR0r5hMfmHAnyen5Ck7 - ROGVrA4EpO9SOr8CxPp0DngmdhpwoWTSE4THENNKV/ggNTzFz6mjulUcEJMcMX5q - M3eLeR38qWQa - =ajdb + hQIMAxd/Yh1BfDklAQ/9FFfR6OV8i8eep9/9NneTHN0FGxHBF/HWDyi2ga0wuDpu + ntVBpkCT2KtqbDKuNaMtUP6GIu8v8/52FEDnpSZsJrXANt4mz97eZYft7dllC+MU + Ge8KxO5LY4YRkboELYpMb9D4zo/tZ3o40mqeBz6dCG+4acAOcaNpF4NWuzqINm2o + Qp/PeY9M5JIkf+ReJM1G14EDam509EsbA/dgysbXj0FCCOjTv+1NIQ+5x1AuEeTK + 75ra+5igSr5cQHHeHZam9JyRhjxd1zawEj6VK0bOhqjI5KBpa98RoSH36aMijdOF + N5E6z3TClLKuvxD66s1LX2TjYvE348+UDEbf3c5/iAZzWeKzYYBDZZrMwAoBXnK2 + ajzLg8r5WUrXZ2A/9godsc5DtSnS8eqhSWckLQLEaePyuAhr3tczWOCEloDJ4CPm + PVHsAsegFYoK3iDILzl0IoYSVKfJO/440xeFn+rZD3qSSAZgeEvhYu6od85e3Cfa + EvSWPukaREucXxjIdwf6kSa4zfocY9Fsz4Ug4Pser7F1Fiw40FvSg47EMiwx7oxq + WB5XXep/IwRMfK49k23e3xFExXQei/F2va5RtZfOxuNHPa6mz1GleDzNEN8Yn3Rb + G1xZwUMBKGBtT68MiSmdDS/pb/NbzMeNxHRQh1mVoOFKIaVh9Bieuw0Kjd/yKqTU + aAEJAhB0SUSBaXCOHVO+rrHe0Fm9P3XsSc9+ZKB5EckSuIxvU4vxOlUf9qqlf6tA + pTSggVbG9umwTQ9yD6LRMafeuPGVK/rTc1xr+ck0qOJ+C2RQyiaiwn0P7jz25wpn + san0yxD+bcq5 + =hb+B -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml index 1b272eb..6f988c0 100644 --- a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml +++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml @@ -14,7 +14,7 @@ spec: groupName: patanix.de solverName: hetzner config: - secretName: hetzner-dns-api-token + secretName: hetzner-secret zoneName: patanix.de apiUrk: https://dns.hetzner.com/api/v1 # apiTokenSecretRef: From 0a24c7f0bf0b64901d23c1d706bee82910cd1e49 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg
Date: Sun, 25 May 2025 15:54:08 +0200
Subject: [PATCH 12/94] ci: deploy home assistant via flux cd (20GiB, ha.patanix.de)
---
apps/home-assistant/helmrelease.yaml | 35 ++++++++++
apps/home-assistant/helmrepository.yaml | 8 +++
apps/home-assistant/kustomization.yaml | 7 ++
apps/home-assistant/namespace.yaml | 4 ++
apps/home-assistant/pvc.yaml | 12 ++++
apps/kustomization.yaml | 4 ++
clusters/production/kustomization.yaml | 1 +
notes/home-assistant.md | 86 +++++++++++++++++++++++++
8 files changed, 157 insertions(+)
create mode 100644 apps/home-assistant/helmrelease.yaml
create mode 100644 apps/home-assistant/helmrepository.yaml
create mode 100644 apps/home-assistant/kustomization.yaml
create mode 100644 apps/home-assistant/namespace.yaml
create mode 100644 apps/home-assistant/pvc.yaml
create mode 100644 apps/kustomization.yaml
create mode 100644 notes/home-assistant.md
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
new file mode 100644
index 0000000..9b95da4
--- /dev/null
+++ b/apps/home-assistant/helmrelease.yaml
@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: home-assistant
+ namespace: home-assistant
+spec:
+ interval: 10m
+ releaseName: home-assistant
+ chart:
+ spec:
+ chart: home-assistant
+ version: "0.3.2"
+ sourceRef:
+ kind: HelmRepository
+ name: home-assistant
+ namespace: flux-system
+ values:
+ persistence:
+ enabled: true
+ existingClaim: home-assistant-config
+ ingress:
+ main:
+ enabled: true
+ # className: traefik
+ hosts:
+ - host: ha.patanix.de
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: ha-patanix-de-tls
+ hosts:
+ - ha.patanix.de
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-dns
diff --git a/apps/home-assistant/helmrepository.yaml b/apps/home-assistant/helmrepository.yaml
new file mode 100644
index 0000000..9b03a11
--- /dev/null
+++ b/apps/home-assistant/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: home-assistant
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ url: http://pajikos.github.io/home-assistant-helm-chart
diff --git a/apps/home-assistant/kustomization.yaml b/apps/home-assistant/kustomization.yaml
new file mode 100644
index 0000000..bd3d01d
--- /dev/null
+++ b/apps/home-assistant/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - helmrepository.yaml
+ - helmrelease.yaml
+ - pvc.yaml
diff --git a/apps/home-assistant/namespace.yaml b/apps/home-assistant/namespace.yaml
new file mode 100644
index 0000000..7c1d06d
--- /dev/null
+++ b/apps/home-assistant/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: home-assistant
diff --git a/apps/home-assistant/pvc.yaml b/apps/home-assistant/pvc.yaml
new file mode 100644
index 0000000..9de2299
--- /dev/null
+++ b/apps/home-assistant/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: home-assistant-config
+ namespace: home-assistant
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: local-path
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
new file mode 100644
index 0000000..3e89cb3
--- /dev/null
+++ b/apps/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - home-assitant/
diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml
index b391401..7c02b60 100644
--- a/clusters/production/kustomization.yaml
+++ b/clusters/production/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../infrastructure
+ - ../../apps
diff --git a/notes/home-assistant.md b/notes/home-assistant.md
new file mode 100644
index 0000000..c21df6b
--- /dev/null
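Review bot: The chart repository in `apps/home-assistant/helmrepository.yaml` is fetched over plain HTTP (`url: http://pajikos.github.io/home-assistant-helm-chart`), so the index and chart archives that Flux installs into the cluster have no transport integrity. The notes file added in this same commit already uses the HTTPS form, and the manifest should match it: `url: https://pajikos.github.io/home-assistant-helm-chart`.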
+++ b/notes/home-assistant.md 
@@ -0,0 +1,86 @@
+# Home Assistant Best Practices
+
+## Secret
+- Nicht zwingend nötig, nur für zusätzliche Umgebungsvariablen.
+- Kann jederzeit nachgerüstet werden.
+
+## Zertifikat
+- Standard: Ingress mit cert-manager-Annotation, cert-manager erstellt das Zertifikat automatisch.
+- Alternativ: Certificate-Objekt selbst anlegen, dann Annotation im Ingress entfernen.
+
+## HelmRepository (pajikos)
+```bash
+cat < infrastructure/services/home-assistant/helmrepository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: pajikos-home-assistant
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://pajikos.github.io/home-assistant-helm-chart
+EOF
+```
+
+## HelmRelease (Beispiel)
+```bash
+cat < infrastructure/services/home-assistant/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: home-assistant
+ namespace: home-assistant
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: home-assistant
+ version: 15.3.5
+ sourceRef:
+ kind: HelmRepository
+ name: pajikos-home-assistant
+ namespace: flux-system
+ values:
+ persistence:
+ enabled: true
+ existingClaim: home-assistant-config
+ ingress:
+ main:
+ enabled: true
+ hosts:
+ - host: ha.patanix.de
+ paths:
+ - /
+ tls:
+ - secretName: ha-patanix-de-tls
+ hosts:
+ - ha.patanix.de
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-dns
+EOF
+```
+
+## 2. Secret verschlüsseln - falls vorhanden
+```bash
+sops -e -i infrastructure/services/home-assistant/secret.yaml
+```
+
+## 3. Dateien ins Repo legen und pushen
+```bash
+git add infrastructure/services/home-assistant/*
+git add infrastructure/kustomization-home-assistant.yaml
+git commit -m "Deploy Home Assistant via FluxCD (20GiB, ha.patanix.de)"
+git push origin main
+```
+
+## 4. Flux synchronisieren
+```bash
+flux reconcile source git flux-system
+flux get kustomizations
+kubectl -n home-assistant get pods
+kubectl -n home-assistant get ingress
+kubectl -n home-assistant get certificate
+```
+
+## 5. Erreichbarkeit testen
+# Nach DNS-Propagation und Zertifikatsausstellung: https://ha.patanix.de aufrufen
From 4de4e3d8e683ea5c6fea0f9a1af0e9990c755d9f Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 15:57:22 +0200
Subject: [PATCH 13/94] fix: fix typo in kustomization.yaml
---
apps/kustomization.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 3e89cb3..5bf9757 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - home-assitant/
+ - home-assistant/
From f56852fc5846069850ec2c9fd4ffc8cbb5e34ebe Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 16:06:50 +0200
Subject: [PATCH 14/94] fix: add missing config files for ingress
---
apps/home-assistant/helmrelease.yaml | 30 +++++++++++++++-------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 9b95da4..7916bfb 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -19,17 +19,19 @@ spec:
 enabled: true
 existingClaim: home-assistant-config
 ingress:
- main:
- enabled: true
- # className: traefik
- hosts:
- - host: ha.patanix.de
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: ha-patanix-de-tls
- hosts:
- - ha.patanix.de
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-dns
+ enabled: true
+ className: traefik
+ hosts:
+ - host: ha.patanix.de
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: ha-patanix-de-tls
+ hosts:
+ - ha.patanix.de
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-dns
+ service:
+ type: ClusterIP
+ port: 8123
From 87f4be21785d518bbbd5e6bbb09c8c9e362c32f8 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 17:09:50 +0200
Subject: [PATCH 15/94] fix: try to fix certificate retrieval by deleting not needed fields
---
infrastructure/cert-manager/letsencrypt-clusterissuer.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
index 6f988c0..b542ba4 100644
--- a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
@@ -15,8 +15,8 @@ spec:
 solverName: hetzner
 config:
 secretName: hetzner-secret
- zoneName: patanix.de
- apiUrk: https://dns.hetzner.com/api/v1
+ # zoneName: patanix.de
+ # apiUrk: https://dns.hetzner.com/api/v1
 # apiTokenSecretRef:
 # name: hetzner-dns-api-token
 # key: token
From 495336d976baa77cb2faa247c3a9eaeefb70eab0 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 17:20:26 +0200
Subject: [PATCH 16/94] fix: reactivate fields and fix typo
---
infrastructure/cert-manager/letsencrypt-clusterissuer.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
index b542ba4..75f3c4b 100644
--- a/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
+++ b/infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
@@ -15,8 +15,8 @@ spec:
 solverName: hetzner
 config:
 secretName: hetzner-secret
- # zoneName: patanix.de
- # apiUrk: https://dns.hetzner.com/api/v1
+ zoneName: patanix.de
+ apiUrl: https://dns.hetzner.com/api/v1
 # apiTokenSecretRef:
 # name: hetzner-dns-api-token
 # key: token
From ce39c6e67e1a1db7c4941c966dd9f23f02f14160 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 17:44:37 +0200
Subject: [PATCH 17/94] fix: add kustomization for sops
---
infrastructure/kustomization-cert-manager.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 infrastructure/kustomization-cert-manager.yaml
diff --git a/infrastructure/kustomization-cert-manager.yaml b/infrastructure/kustomization-cert-manager.yaml
new file mode 100644
index 0000000..80503d6
--- /dev/null
+++ b/infrastructure/kustomization-cert-manager.yaml
@@ -0,0 +1,17 @@
+# Datei: infrastructure/kustomization-cert-manager.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ./infrastructure/cert-manager
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
From 209b1034fe040f38334ffbf18b741f2ccb7d597f Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 18:20:45 +0200
Subject: [PATCH 18/94] fix: add kustomization for cert-manager in cluster/production
---
.../production/cert-manager.yaml | 2 +-
clusters/production/kustomization.yaml | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
rename infrastructure/kustomization-cert-manager.yaml => clusters/production/cert-manager.yaml (88%)
diff --git a/infrastructure/kustomization-cert-manager.yaml b/clusters/production/cert-manager.yaml
similarity index 88%
rename from infrastructure/kustomization-cert-manager.yaml
rename to clusters/production/cert-manager.yaml
index 80503d6..8a7f7e2 100644
--- a/infrastructure/kustomization-cert-manager.yaml
+++ b/clusters/production/cert-manager.yaml
@@ -6,7 +6,7 @@ metadata:
 namespace: flux-system
 spec:
 interval: 10m
- path: ./infrastructure/cert-manager
+ path: ../../infrastructure/cert-manager
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml
index 7c02b60..65740a8 100644
--- a/clusters/production/kustomization.yaml
+++ b/clusters/production/kustomization.yaml
@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - cert-manager.yaml
 - ../../infrastructure
 - ../../apps
From 4bc9252c307b63dc25ad8422625c7d7eb4fd23bf Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 18:27:25 +0200
Subject: [PATCH 19/94] fix: add trusted proxy to enable traefik
---
apps/home-assistant/helmrelease.yaml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 7916bfb..f7209ba 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -35,3 +35,11 @@ spec:
 service:
 type: ClusterIP
 port: 8123
+ configuration:
+ enabled: true
+ trusted_proxies:
+ - "10.43.0.0/16"
+ - "192.168.0.0/16"
+ - "::1"
+ - "127.0.0.1"
+ use_x_forwarded_for: true
From 3b483ed3a13c7cec459ada2a2fdd3e721a578f3a Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 18:32:51 +0200
Subject: [PATCH 20/94] fix: change proxy ip
---
apps/home-assistant/helmrelease.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index f7209ba..d975e48 100644
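Review bot: `spec.path` of a Flux Kustomization is resolved from the root of the referenced GitRepository, not from the directory the manifest lives in, so moving the file to `clusters/production/cert-manager.yaml` does not call for `../../`. The previous value was already right for the new location: `path: ./infrastructure/cert-manager`. How the controller treats a path that climbs above the repository root is not something the deployment should depend on.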
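Review bot: After this change `clusters/production/kustomization.yaml` pulls in the cert-manager directory twice: through the new `cert-manager.yaml` (the Flux Kustomization with `decryption.provider: sops`) and through `../../infrastructure`, whose own kustomization still lists `cert-manager/` as far as this series shows. Two reconcilers then own the same objects, and nothing visible here configures decryption for the path that goes through `../../infrastructure`, so the SOPS-encrypted `hetzner-dns-api-token-secret.yaml` would presumably reach that path still encrypted. Removing `- cert-manager/` from `infrastructure/kustomization.yaml` in the same commit leaves a single owner that can decrypt.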
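Review bot: `trusted_proxies` in `apps/home-assistant/helmrelease.yaml` decides whose `X-Forwarded-For` header Home Assistant believes, and the list added here trusts the whole `10.43.0.0/16` range plus all of `192.168.0.0/16`, so any pod or LAN host in those ranges can present an arbitrary client address, which weakens IP-based banning of failed logins and any `trusted_networks` rule. The later hunks in this series that touch the same list (patches 20, 23, 24, 25, 26, 28 and 29) widen and narrow it by trial, including `10.0.0.0/8`, `127.16.0.0/12` (probably meant as `172.16.0.0/12`) and `127.0.0.1/8`. The entry that is actually needed is the address the Traefik pods connect from. If the pod CIDR has to stay, a NetworkPolicy that admits only the ingress controller to port 8123 restores the boundary.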
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -38,7 +38,7 @@ spec:
 configuration:
 enabled: true
 trusted_proxies:
- - "10.43.0.0/16"
+ - "10.42.0.0/16"
 - "192.168.0.0/16"
 - "::1"
 - "127.0.0.1"
From a05af962754c6a3eb29672e159731c2843f1106a Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 18:35:15 +0200
Subject: [PATCH 21/94] fix: deactivate hostNetwork
---
apps/home-assistant/helmrelease.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index d975e48..e94b315 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -15,6 +15,7 @@ spec:
 name: home-assistant
 namespace: flux-system
 values:
+ hostNetwork: false
 persistence:
 enabled: true
 existingClaim: home-assistant-config
From 3bc0c32cca00c8930f820e3681fe6618a9741bbc Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 18:52:23 +0200
Subject: [PATCH 22/94] ci: update home-assistant chart version
---
apps/home-assistant/helmrelease.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index e94b315..0dec869 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: home-assistant
- version: "0.3.2"
+ version: "0.3.4"
 sourceRef:
 kind: HelmRepository
 name: home-assistant
From 468a71d482599dac69fd68025ee520835f7a375a Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:26:51 +0200
Subject: [PATCH 23/94] fix: remove double quotes from ip adresses
---
apps/home-assistant/helmrelease.yaml | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 0dec869..9b25894 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -38,9 +38,11 @@ spec:
 port: 8123
 configuration:
 enabled: true
+ forceInit: true
 trusted_proxies:
- - "10.42.0.0/16"
- - "192.168.0.0/16"
- - "::1"
- - "127.0.0.1"
- use_x_forwarded_for: true
+ - 10.42.0.0/16
+ - 10.0.0.0/8
+ - 192.168.0.0/16
+ - ::1
+ - 127.0.0.1
+ # use_x_forwarded_for: true
From 9ab35b8b699400468814fb994dd590ff09fc1286 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:27:33 +0200
Subject: [PATCH 24/94] fix: add a missing ip
---
apps/home-assistant/helmrelease.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 9b25894..bc2d03f 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -42,7 +42,8 @@ spec:
 trusted_proxies:
 - 10.42.0.0/16
 - 10.0.0.0/8
+ - 127.16.0.0/12
 - 192.168.0.0/16
 - ::1
- - 127.0.0.1
+ - 127.0.0.1/8
 # use_x_forwarded_for: true
From 8f9f65370e1dc3a1d96697f9d5f93698fdaebde8 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:35:03 +0200
Subject: [PATCH 25/94] fix: try another fix to enable home-assistant
---
apps/home-assistant/helmrelease.yaml | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index bc2d03f..32503c6 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -40,10 +40,5 @@ spec:
 enabled: true
 forceInit: true
 trusted_proxies:
- - 10.42.0.0/16
- - 10.0.0.0/8
- - 127.16.0.0/12
- - 192.168.0.0/16
- - ::1
- - 127.0.0.1/8
+ - 10.42.0.8
 # use_x_forwarded_for: true
From f68afd6307c4791148a1ca11d7759348d9bfac53 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:39:52 +0200
Subject: [PATCH 26/94] fix: another try
---
apps/home-assistant/helmrelease.yaml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 32503c6..37280f9 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -40,5 +40,11 @@ spec:
 enabled: true
 forceInit: true
 trusted_proxies:
+ - 10.42.0.0/16
 - 10.42.0.8
+ - 10.0.0.0/8
+ - 127.16.0.0/12
+ - 192.168.0.0/16
+ - ::1
+ - 127.0.0.1/8
 # use_x_forwarded_for: true
From df88027805e8bc046f9ea4a9efa792e9e53b00f7 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:41:14 +0200
Subject: [PATCH 27/94] fix: remove forceInit
---
apps/home-assistant/helmrelease.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index 37280f9..e22862e 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -38,7 +38,6 @@ spec:
 port: 8123
 configuration:
 enabled: true
- forceInit: true
 trusted_proxies:
 - 10.42.0.0/16
 - 10.42.0.8
From 36ccbef0021447ae7f23a0ae8fc6ff5070957b32 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:44:36 +0200
Subject: [PATCH 28/94] fix: fix typo in ip list
---
apps/home-assistant/helmrelease.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index e22862e..b37fe51 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -45,5 +45,5 @@ spec:
 - 127.16.0.0/12
 - 192.168.0.0/16
 - ::1
- - 127.0.0.1/8
+ - 127.0.0.1
 # use_x_forwarded_for: true
From c5f6183e5be4f9c1602acc0b561169bfcc0d6ab2 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 19:49:31 +0200
Subject: [PATCH 29/94] fix: clean up trusted proxies
---
apps/home-assistant/helmrelease.yaml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml
index b37fe51..e00091e 100644
--- a/apps/home-assistant/helmrelease.yaml
+++ b/apps/home-assistant/helmrelease.yaml
@@ -40,10 +40,6 @@ spec:
 enabled: true
 trusted_proxies:
 - 10.42.0.0/16
- - 10.42.0.8
- - 10.0.0.0/8
- - 127.16.0.0/12
- - 192.168.0.0/16
 - ::1
 - 127.0.0.1
 # use_x_forwarded_for: true
From badf6c247a955d7b15ff34652e0fafc5f4e3d4ec Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Sun, 25 May 2025 20:53:09 +0200
Subject: [PATCH 30/94] ci: deploy kitchenowl via flux cd (kitchen.patanix.de, 5GiB PVC, SOPS)
---
apps/kitchenowl/certificate.yaml | 13 ++++++++++
apps/kitchenowl/deployment.yaml | 33 +++++++++++++++++++++++
apps/kitchenowl/ingress.yaml | 24 +++++++++++++++++
apps/kitchenowl/kustomization.yaml | 10 +++++++
apps/kitchenowl/namespace.yaml | 4 +++
apps/kitchenowl/pvc.yaml | 12 +++++++++
apps/kitchenowl/secret.yaml | 36 ++++++++++++++++++++++++++
apps/kitchenowl/service.yaml | 12 +++++++++
apps/kustomization.yaml | 1 +
clusters/production/cert-manager.yaml | 1 -
clusters/production/kitchenowl.yaml | 17 ++++++++++++
clusters/production/kustomization.yaml | 1 +
12 files changed, 163 insertions(+), 1 deletion(-)
create mode 100644 apps/kitchenowl/certificate.yaml
create mode 100644 apps/kitchenowl/deployment.yaml
create mode 100644 apps/kitchenowl/ingress.yaml
create mode 100644 apps/kitchenowl/kustomization.yaml
create mode 100644 apps/kitchenowl/namespace.yaml
create mode 100644 apps/kitchenowl/pvc.yaml
create mode 100644 apps/kitchenowl/secret.yaml
create mode 100644 apps/kitchenowl/service.yaml
create mode 100644 clusters/production/kitchenowl.yaml
diff --git a/apps/kitchenowl/certificate.yaml b/apps/kitchenowl/certificate.yaml
new file mode 100644
index 0000000..99edd64
--- /dev/null
+++ b/apps/kitchenowl/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: kitchenowl-tls
+ namespace: kitchenowl
+spec:
+ secretName: kitchenowl-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: kitchen.patanix.de
+ dnsNames:
+ - kitchen.patanix.de
diff --git a/apps/kitchenowl/deployment.yaml b/apps/kitchenowl/deployment.yaml
new file mode 100644
index 0000000..a6a0694
--- /dev/null
+++ b/apps/kitchenowl/deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kitchenowl
+ namespace: kitchenowl
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kitchenowl
+ template:
+ metadata:
+ labels:
+ app: kitchenowl
+ spec:
+ containers:
+ - name: kitchenowl
+ image: 'tombursch/kitchenowl:latest'
+ env:
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kitchenowl-secret
+ key: KO_SECRET_KEY
+ - name: DB_TYPE
+ value: sqlite
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: kitchenowl-data
diff --git a/apps/kitchenowl/ingress.yaml b/apps/kitchenowl/ingress.yaml
new file mode 100644
index 0000000..f1ac859
--- /dev/null
+++ b/apps/kitchenowl/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kitchenowl
+ namespace: kitchenowl
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-dns
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: kitchen.patanix.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kitchenowl
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - kitchen.patanix.de
+ secretName: kitchenowl-tls
diff --git a/apps/kitchenowl/kustomization.yaml b/apps/kitchenowl/kustomization.yaml
new file mode 100644
index 0000000..2de3493
--- /dev/null
+++ b/apps/kitchenowl/kustomization.yaml
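Review bot: `image: 'tombursch/kitchenowl:latest'` in `apps/kitchenowl/deployment.yaml` is a mutable tag, so a pod restart can pull different code than what was reviewed and Flux has no fixed version to roll back to. Pin a release tag, ideally together with its digest, e.g. `image: tombursch/kitchenowl:<VERSION>@sha256:<DIGEST>` (placeholders to fill in). The container also sets no `securityContext` or `resources`; `allowPrivilegeEscalation: false` is a safe first step, while `runAsNonRoot` depends on how the image is built and needs checking first.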
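Review bot: `apps/kitchenowl/ingress.yaml` carries `cert-manager.io/cluster-issuer: letsencrypt-dns` while the same commit also adds an explicit Certificate named `kitchenowl-tls` for the same host and secret, so cert-manager's Ingress handling and the hand-written object both try to manage one certificate. Keep one of the two: either drop `certificate.yaml` from the kustomization, or remove the annotation and leave the `tls:` block pointing at `kitchenowl-tls`. The Home Assistant notes earlier in this series state the same rule.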
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - secret.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
+ - certificate.yaml
diff --git a/apps/kitchenowl/namespace.yaml b/apps/kitchenowl/namespace.yaml
new file mode 100644
index 0000000..e8bed9e
--- /dev/null
+++ b/apps/kitchenowl/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kitchenowl
diff --git a/apps/kitchenowl/pvc.yaml b/apps/kitchenowl/pvc.yaml
new file mode 100644
index 0000000..fe037d2
--- /dev/null
+++ b/apps/kitchenowl/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: kitchenowl-data
+ namespace: kitchenowl
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
diff --git a/apps/kitchenowl/secret.yaml b/apps/kitchenowl/secret.yaml
new file mode 100644
index 0000000..f9cf80f
--- /dev/null
+++ b/apps/kitchenowl/secret.yaml
@@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Secret +metadata: + name: kitchenowl-secret + namespace: kitchenowl +type: Opaque +stringData: + KO_SECRET_KEY: ENC[AES256_GCM,data:9Q4K1DMvJRDl72Q=,iv:DF3FaHwmLfSrN50L8O7/iUyXsF+ENEYIz5d3P7ZHbqk=,tag:JOzYcvIZNlRdimX5PLPV0A==,type:str] + KO_DB_PASSWORD: ENC[AES256_GCM,data:MeDzLSRNGDxuSKlZ/H5TKw==,iv:zJyTUJ5FqVYYAuSjTgPmvdRjHPSyjWZLm1su3o2siLg=,tag:iqvmA98wtmDDOPHcLpFLrw==,type:str] +sops: + lastmodified: "2025-05-25T18:48:06Z" + mac: ENC[AES256_GCM,data:Yf4i9CMEsEY33d2R2JU56ghEpC7qlOQLC4f956f92mAls+fTfekzC1vpeMOHDup+4si3eBYdXKBMLnj0vuIcL5QSTRHLQgzAwRguqXEw/CL6zXD6cHwTyPbxWTLIob2NovIBonHVhIIKkaai2QGnJyrPN6EaTmXRMlYE5wKocxc=,iv:JVpj6i3ZtQMQ0JaoL5+fe8ZMi3ozG5xTcxSc9D9Drvg=,tag:Zw8jA5abHLkIIapS/tHRjg==,type:str] + pgp: + - created_at: "2025-05-25T18:48:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklARAAmE6dV/SfdGurYL0RPTJ1J3BTmiGzd9BemsyIjoBtRaOS + bNa5woXTpGO+48QWztiuWOEoIx5RlZNFmtF/zFHSvsuZX9uW4TMQdPQRE4HOJBG8 + ZxByyDyowLmvjH7O7U6BoFw9rlyiAxYknO96gGcKCtJAaHgpmnqzcDzyRicAB615 + 04AlR+ZQwbiI/FKO11tV8mlxnR4AiEpyVpggD8zV1pHjnuzZPSLx40vpyhqU5edT + U8ii22xlxO306ANsO5Kk/J14Dg0aiLZrLGON07Am0CIbrPewUh5cvDWbeBuMPC60 + CbrA905lI5RrrjGMIEf5qs2z0S+W4RxcrB4gUAhauKqwx/iUj8s2UGZXunzz44jI + ylepfhmJmh0lCYpZZGV9vfw0Qnat/dzVWXyeS1BfOMMcksyiVLqPpvg7me6Bdlrd + SZ5FzLCnN9p+2OFO/wmUVMiIbYie8Del6FVvEZRxeKHCGXE0qWY/YLdvBTye4gWB + 03/mqaxnoJS+HpwNk/H8tmmrzHaabiRxIcv7Sd7QUNLMDZZkusBDbMevASgE2gyu + 5QkOZ28sMvYuyeDl97KJfS6QottLB6EPa8fjHREdfhHSe+vhvb5/v1irsKuaZnvc + FtnrdWYAlBMYRCHVeE595xW9HG2xWKdBlpY7z0b2R5wyrffxObuUChK6tD06N/7U + aAEJAhBJUGnyEpEtLGU18J9W5i0HVVxV96ArGvm2+2/5jzwH9/vcJrG06sSoCpvA + Su7QnsOau+wKD7eBw9BcNTIkERr1ggCYha9en+zYCdt2DGHIpOrqCQ2tF0+JkgD1 + Pz17gB922Z4A + =+7KI + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/apps/kitchenowl/service.yaml b/apps/kitchenowl/service.yaml new file mode 100644 index 0000000..f61598b 
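Review bot: `KO_DB_PASSWORD` in apps/kitchenowl/secret.yaml is committed but nothing in this commit consumes it: the Deployment sets `DB_TYPE` to `sqlite` and references only `KO_SECRET_KEY`. An unused credential still has to be tracked and rotated if the PGP key is ever exposed, so drop it until a database backend actually needs it. SOPS also leaves the byte length of every value readable in its `data:` field, and the `KO_SECRET_KEY` value is visibly short; a token-signing key should be generated randomly (32 bytes or more) rather than typed. The same length check is worth doing for `password` in apps/forgejo/forgejo-admin-secret.yaml later in this series.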
--- /dev/null
+++ b/apps/kitchenowl/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kitchenowl
+ namespace: kitchenowl
+spec:
+ selector:
+ app: kitchenowl
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 5bf9757..f8c4c0c 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - home-assistant/
+ - kitchenowl/
diff --git a/clusters/production/cert-manager.yaml b/clusters/production/cert-manager.yaml
index 8a7f7e2..4752bfd 100644
--- a/clusters/production/cert-manager.yaml
+++ b/clusters/production/cert-manager.yaml
@@ -1,4 +1,3 @@
-# Datei: infrastructure/kustomization-cert-manager.yaml
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/clusters/production/kitchenowl.yaml b/clusters/production/kitchenowl.yaml
new file mode 100644
index 0000000..7181e97
--- /dev/null
+++ b/clusters/production/kitchenowl.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: kitchenowl
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ../../infrastructure/apps/kitchenowl
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+
diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml
index 65740a8..f5ad92a 100644
--- a/clusters/production/kustomization.yaml
+++ b/clusters/production/kustomization.yaml
@@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - cert-manager.yaml
+ - kitchenowl.yaml
 - ../../infrastructure
 - ../../apps
From 5a0c1949f4571e741d922658e34b27c3ffdd053d Mon Sep 17 00:00:00 2001
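Review bot: The kitchenowl manifests end up reconciled through two paths. One is the new Flux Kustomization in clusters/production/kitchenowl.yaml, which carries `decryption.provider: sops`, and the other is the plain kustomize chain `clusters/production/kustomization.yaml` → `../../apps` → `- kitchenowl/`, added in the same commit. Whether the parent Flux Kustomization has a `decryption` block is not visible in this patch; if it does not, I would expect it to refuse the still-encrypted Secret and block the whole production sync. Either way, two reconcilers (this one with `prune: true`) would own the same objects. Keep a single owner: remove `- kitchenowl/` from apps/kustomization.yaml, or drop this object and configure decryption on the parent instead.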
From: Patryk Hegenberg Date: Sun, 25 May 2025 20:56:10 +0200 Subject: [PATCH 31/94] fix: fix wrong path for kitchenowl sops --- clusters/production/kitchenowl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/production/kitchenowl.yaml b/clusters/production/kitchenowl.yaml index 7181e97..a7d7e91 100644 --- a/clusters/production/kitchenowl.yaml +++ b/clusters/production/kitchenowl.yaml @@ -5,7 +5,7 @@ metadata: namespace: flux-system spec: interval: 10m - path: ../../infrastructure/apps/kitchenowl + path: ../../apps/kitchenowl prune: true sourceRef: kind: GitRepository From 1b8228792358dcc7a51bda2cfd79be1aca345be2 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 07:39:38 +0200 Subject: [PATCH 32/94] ci: deploy forgejo via helm (git.patanix.de, 40GiB PVC, PostgreSQL, SOPS) --- apps/forgejo/certificate.yaml | 13 ++++++ apps/forgejo/forgejo-admin-secret.yaml | 37 +++++++++++++++ apps/forgejo/helmrelease.yaml | 50 +++++++++++++++++++++ apps/forgejo/kustomization.yaml | 9 ++++ apps/forgejo/namespace.yaml | 4 ++ apps/forgejo/postgres-secret.yaml | 37 +++++++++++++++ apps/forgejo/pvc.yaml | 12 +++++ clusters/production/forgejo.yaml | 16 +++++++ clusters/production/kustomization.yaml | 2 + clusters/production/ocirepository.yaml | 12 +++++ infrastructure/ocirepositories/forgejo.yaml | 9 ++++ 11 files changed, 201 insertions(+) create mode 100644 apps/forgejo/certificate.yaml create mode 100644 apps/forgejo/forgejo-admin-secret.yaml create mode 100644 apps/forgejo/helmrelease.yaml create mode 100644 apps/forgejo/kustomization.yaml create mode 100644 apps/forgejo/namespace.yaml create mode 100644 apps/forgejo/postgres-secret.yaml create mode 100644 apps/forgejo/pvc.yaml create mode 100644 clusters/production/forgejo.yaml create mode 100644 clusters/production/ocirepository.yaml create mode 100644 infrastructure/ocirepositories/forgejo.yaml 
diff --git a/apps/forgejo/certificate.yaml b/apps/forgejo/certificate.yaml new file mode 100644 index 0000000..46bb271 --- /dev/null +++ b/apps/forgejo/certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: forgejo-tls + namespace: forgejo +spec: + secretName: forgejo-tls + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + commonName: git.patanix.de + dnsNames: + - git.patanix.de diff --git a/apps/forgejo/forgejo-admin-secret.yaml b/apps/forgejo/forgejo-admin-secret.yaml new file mode 100644 index 0000000..eaff096 --- /dev/null +++ b/apps/forgejo/forgejo-admin-secret.yaml 
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: forgejo-admin + namespace: forgejo +type: Opaque +stringData: + username: ENC[AES256_GCM,data:fMYot9k=,iv:pYWAXZJwbeGkVYqkkCwy+mt2+C/nV0htJTLElbCsC9w=,tag:uHCY5wXI2Hw5evHmLvjGGA==,type:str] + email: ENC[AES256_GCM,data:qmtRbInJDiFatiZ9/+UfqzLThgEAZHXG+g==,iv:jLL8HQOlp26DucUd6926FiddgdXAgPlRg0Bh/TYSFGg=,tag:jFwn/W4yim/FAS8Inh0/fw==,type:str] + password: ENC[AES256_GCM,data:/H3kA+soznxZAME=,iv:pCtsO6HWYXYu7hbhQw+8dnHbBztmsQc2jDfMztZMY/g=,tag:4eUxzfwuBOF3fG3dUqMPkw==,type:str] +sops: + lastmodified: "2025-05-26T05:35:31Z" + mac: ENC[AES256_GCM,data:P1dvbZRm3YtrV1Xj8WuvTVWbmyaj3Grejlrs8QqmNawFyetAQo0by0iGsYvWzPhTbLbrK6GS/WOfc+hW85asRuresXDaJCzfuYcJX0wav5z4P5hrTDZDV/Mi1jgZ3v75ZVHqTqV7m0kCY0tgRCDyGL0FKi9gqLO2SPjPgMUKCHM=,iv:BARvvC59BgmghzunnihyVIiNenA+hd0k8XRh5H7QL9c=,tag:E05gPL7F+RfMyFX1qUrpog==,type:str] + pgp: + - created_at: "2025-05-26T05:35:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklAQ//QOjSRd8bXDBaiCel1n5BnudTkPcZuHNeR0HQtAVG4eHh + FT32Zq18mdaIDyLFuDHbyERICBZFs4d/JuXOblbmg2FvIUhR4a/egiaAGSdu6kqZ + VUYmDZyVkE2pdHb47wKazzQ6/QVQ3LTWDBMOMCS2svMrVcMskw6qAVT3nqTXWTT0 + P6qwCCbNF+SMtn6K8QR8ihbF0nbjvVgafyKVFU/jmagu4P9th2nhpeePpc0HXAii + +PnTi88TJ/OH0qPtZsqP90WICQkJ9IbHKH7cNf/Q4qn2K2KtfgUZJJJLDuqDwsKL + 4h34T3U+QOZUVgmEeyfGAvgVN95sIvnXjcab0TTtZCajjTy4RvjJ19x3iRYKEMwW + vAsuztDUFb7PYk2xOxCQHUf8eZVKL4immIIkQ5+ERKGGjV3lWakeiVfIGjqHy3U3 + I1tEpQ+fT/aQGx7UyIeu1Aa/s9yhBWwpcwddXG5P52f2CagzjqvIE+qFKtrDyyUm + PR1/dIi1lhbCkMMr9q93y06xOLvxgvWedV4prtOCQnsadbZoCFOgGJFrAXZ3nQmo + iu5UG4cZU29kuN4GLItXpowusLXXquGH9lXF0MKrDIyOhf3k9b1DNoF1Vir2K7jg + +XkN+T2n+GfOswp4WJx7am2P/jK0/4WuwWhCq+t/I80u/jKuttytKqXrZ+nHBanU + aAEJAhDihxbI/EkSjsK7yMXrF2oA/s8eRSrh9t3FtdbkSLPPjp2pNR80CrcBW1+5 + 74S1hKyv637XyIDdG61ELiJ0Rz6YolshZo2g37+Y7udX0F9exVZX5GcosEpWzjzE + UCRfv3bJp/E4 + =oQ/p + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 
diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml
new file mode 100644
index 0000000..78ae80b
--- /dev/null
+++ b/apps/forgejo/helmrelease.yaml
@@ -0,0 +1,50 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: forgejo
+ namespace: forgejo
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: forgejo
+ version: 12.5.1
+ sourceRef:
+ kind: OCIRepository
+ name: forgejo
+ namespace: flux-system
+ values:
+ persistence:
+ enabled: true
+ existingClaim: forgejo-data
+ ingress:
+ enabled: true
+ className: traefik
+ hosts:
+ - host: git.patanix.de
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: forgejo-tls
+ hosts:
+ - git.patanix.de
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-dns
+ admin:
+ existingSecret: forgejo-admin
+ usernameKey: username
+ passwordKey: password
+ emailKey: email
+ postgresql:
+ enabled: true
+ auth:
+ existingSecret: forgejo-postgresql
+ usernameKey: postgres-user
+ passwordKey: postgres-password
+ databaseKey: postgres-db
+ primary:
+ persistence:
+ enabled: true
+ storageClass: local-path
+ size: 8Gi
diff --git a/apps/forgejo/kustomization.yaml b/apps/forgejo/kustomization.yaml
new file mode 100644
index 0000000..4497ef3
--- /dev/null
+++ b/apps/forgejo/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - forgejo-admin-secret.yaml
+ - forgejo-postgres-secret.yaml
+ - helmrelease.yaml
+ - certificate.yaml
diff --git a/apps/forgejo/namespace.yaml b/apps/forgejo/namespace.yaml
new file mode 100644
index 0000000..6521f89
--- /dev/null
+++ b/apps/forgejo/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: forgejo
diff --git a/apps/forgejo/postgres-secret.yaml b/apps/forgejo/postgres-secret.yaml
new file mode 100644
index 0000000..6c2d909
--- /dev/null
+++ b/apps/forgejo/postgres-secret.yaml
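Review bot: The `admin:` block in apps/forgejo/helmrelease.yaml has no `gitea:` parent, but as far as I know the Forgejo chart (like the Gitea chart it derives from) reads admin settings only from `gitea.admin.*` and defines no `usernameKey`/`passwordKey`/`emailKey` values. Helm ignores unknown values silently, so if that is right the internet-facing instance would be bootstrapped with the chart's published default admin account instead of the SOPS-managed `forgejo-admin` secret. Check this against the values.yaml of chart 12.5.1 and move the reference to `gitea.admin.existingSecret: forgejo-admin`. After the first install, confirm that only the intended admin user exists.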
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: forgejo-postgres + namespace: forgejo +type: Opaque +stringData: + postgres-password: ENC[AES256_GCM,data:da6nuHh8My8a+hlAaEbFb3DqNw==,iv:UJndoTUbG9rgI9dCQGBUzQXWLBbmBv7BRk/sbpMpo7I=,tag:3X8eSFmg8zCoJKgFqw4oTg==,type:str] + postgres-user: ENC[AES256_GCM,data:7QqScpInuQ==,iv:l7HWnyMMRv3Hke1lV+wrDDUrxfbB/ZID9cZmh/DIDBg=,tag:qXlk+DsUIh/z11c9G6VMKQ==,type:str] + postgres-db: ENC[AES256_GCM,data:CgJLPv5kfQ==,iv:dBXw0tIg43rIj2avzPXt+sbBpV7M+hAAItCU4kka+vY=,tag:TX+yA3MSOs0w5ZLxe4zLrg==,type:str] +sops: + lastmodified: "2025-05-26T05:35:45Z" + mac: ENC[AES256_GCM,data:GgEuhTjp5VzSXEHQEfgzcYQBNx7nWySaMrf7eLWA5U+1UHUPzgQndFEocgdSnh1juRCN3zEiBwEM4DozQfuxQ2MOHlVEyiaCxQlg0sxd+vXFNT5T5mGr31jvnY/cOb2tnLFRH+Lnfbfnrgm9yugJOQ9JGqblhIoBM5XmPiRifTA=,iv:OFDVIWaQUZf1ey7WYWiPjjcEi+TOwOJD4qVVhfdaoy4=,tag:3MjEU1JuUsIjEUCdYjJMVw==,type:str] + pgp: + - created_at: "2025-05-26T05:35:45Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklAQ/+JuqL1zpDzfWEa5pDwbyQHAMLt00be1cbnyYS+eYclRv3 + LQjlsOBfB0rArezdXwIA+nf11+OB4zht66Rgdh0RC/nZ58CkOwsAaRTB3QCabaD+ + 3eY0M8sCW7ySS2zCZ7ucNjdtvOoWeQApy5mBM5+MvR22jJE6LO9RfAxMOO+ce45Q + GsTJqN8CcjHLaJ+1NMZWx9gmp+KwbHb8K79GPHY6t4r/c7JJQbWV3b45xgjpEhuh + fobXUjfg5uDqPhhEqGpJcRb1sR9kjJm3eRa4inVgLVMjhk5DZscV6Fzegi2+c0Ct + 3BgEOLWoOPZcqDLhuy7FL2dDWMV/akf4tuYYRSx9Rtw2Q3rE0wjnPgaSlawokx9r + R2DfzXU6zRRJme5yEjxTnUL56pV1cfZFzowFKk2J5VcnO/kURov6td6P4mdWRze4 + eWhguNjYQemhJ36orLIamF9ZqJTvlSmKhc4tWWLwHx//Wownn/1qtsZZ8+YSsnBR + Cw4ZR1rVMS89S/4utdPHduIvxZBBNvgILhdcJxv4aPo7yIf63ES+rOT8b0cGkBkC + 40UQb4b3Fhh48x1N/VXzl/I4pgrWZZbXyXjYEnItMAJDtPEaLY8dmWl8HfnzeQBb + ARMO/Ns2HJU/IcsOAbmWQ9tUrA+l3mif1r5+8ICOEFd8zJX97uQEMMw+plgXix3U + aAEJAhA2kcPvufw+4CwWQTQdOigXEr0aVgSJsb7p6x2RlgnDDmrHXTEdQh3LDE14 + fF4E58D6py5KFcpWaiSqjQe75OywolHg0DVwIpbQ340RA+jCrwtkEn5kMiHkm8mO + l4bc3613t0Ud + =/Q9T + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 
3.10.2 diff --git a/apps/forgejo/pvc.yaml b/apps/forgejo/pvc.yaml new file mode 100644 index 0000000..8f8f506 --- /dev/null +++ b/apps/forgejo/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: forgejo-data + namespace: forgejo +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 40Gi + storageClassName: local-path diff --git a/clusters/production/forgejo.yaml b/clusters/production/forgejo.yaml new file mode 100644 index 0000000..04d4711 --- /dev/null +++ b/clusters/production/forgejo.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: forgejo + namespace: flux-system +spec: + interval: 10m + path: ../../apps/forgejo + prune: true + sourceRef: + kind: GitRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-gpg diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index f5ad92a..2488197 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -3,5 +3,7 @@ kind: Kustomization resources: - cert-manager.yaml - kitchenowl.yaml + - forgejo.yaml + - ocirepository.yaml - ../../infrastructure - ../../apps diff --git a/clusters/production/ocirepository.yaml b/clusters/production/ocirepository.yaml new file mode 100644 index 0000000..f1a4749 --- /dev/null +++ b/clusters/production/ocirepository.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: ocirepositories + namespace: flux-system +spec: + interval: 10m + path: ../../infrastructure/ocirepositories + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/infrastructure/ocirepositories/forgejo.yaml b/infrastructure/ocirepositories/forgejo.yaml new file mode 100644 index 0000000..564eaae --- /dev/null +++ b/infrastructure/ocirepositories/forgejo.yaml 
@@ -0,0 +1,9 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: forgejo + namespace: flux-system +spec: + interval: 30m + url: oci://code.forgejo.org/forgejo-helm/forgejo + From 20a16bc3b073b9832502ae1279385dd012f620ec Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 07:42:23 +0200 Subject: [PATCH 33/94] fix: add missing entry for forgejo in kustomization.yaml --- apps/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index f8c4c0c..1bed5d0 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ + - forgejo/ From 655e27710817125311d2f74926275cd0bb344f8e Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 07:47:56 +0200 Subject: [PATCH 34/94] fix: rename postgress-secret yaml --- .../{postgres-secret.yaml => forgejo-postgres-secret.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename apps/forgejo/{postgres-secret.yaml => forgejo-postgres-secret.yaml} (100%) diff --git a/apps/forgejo/postgres-secret.yaml b/apps/forgejo/forgejo-postgres-secret.yaml similarity index 100% rename from apps/forgejo/postgres-secret.yaml rename to apps/forgejo/forgejo-postgres-secret.yaml From c192937f56c4fb205ab7a16a401430266b8ca731 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 07:57:53 +0200 Subject: [PATCH 35/94] fix: fix syntax for ocirepository and helmrelease for forgejo --- apps/forgejo/helmrelease.yaml | 2 +- infrastructure/ocirepositories/forgejo.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 78ae80b..0de1dfe 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml 
@@ -9,7 +9,7 @@ spec: spec: chart: forgejo version: 12.5.1 - sourceRef: + chartRef: kind: OCIRepository name: forgejo namespace: flux-system diff --git a/infrastructure/ocirepositories/forgejo.yaml b/infrastructure/ocirepositories/forgejo.yaml index 564eaae..6fa869e 100644 --- a/infrastructure/ocirepositories/forgejo.yaml +++ b/infrastructure/ocirepositories/forgejo.yaml @@ -6,4 +6,6 @@ metadata: spec: interval: 30m url: oci://code.forgejo.org/forgejo-helm/forgejo + ref: + tag: "12.5.1" From 05541d9ec9bc32e6b187bffb94a97f648c9eba18 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 08:00:13 +0200 Subject: [PATCH 36/94] fix: fix another syntax error in forgejo helmrelease --- apps/forgejo/helmrelease.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 0de1dfe..f0e6c0c 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -5,14 +5,10 @@ metadata: namespace: forgejo spec: interval: 15m - chart: - spec: - chart: forgejo - version: 12.5.1 - chartRef: - kind: OCIRepository - name: forgejo - namespace: flux-system + chartRef: + kind: OCIRepository + name: forgejo + namespace: flux-system values: persistence: enabled: true From 37289972d8b7fba7e9ef6e8eb9147c36bd20d0a4 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 08:03:49 +0200 Subject: [PATCH 37/94] fix: disable redis-cluster and postgres-ha --- apps/forgejo/helmrelease.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index f0e6c0c..c643dec 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -32,6 +32,12 @@ spec: usernameKey: username passwordKey: password emailKey: email + redis: + enabled: true + redis-cluster: + enabled: false + postgresql-ha: + enabled: false postgresql: enabled: true auth: 
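Review bot: `ref.tag: "12.5.1"` in infrastructure/ocirepositories/forgejo.yaml stops the source from following whatever the registry serves by default, but a tag is still mutable on the registry side, and Flux re-resolves it every `interval: 30m`. For a chart that deploys the Git forge itself, pin the artifact by adding `digest: sha256:<digest-of-12.5.1>` (placeholder) under `ref`. If the publisher signs the chart, also add a `spec.verify` block so that an unsigned or re-pushed artifact fails reconciliation instead of being installed.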
From e41d6cc20883015b4801f69a133f287fbcb13e65 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Mon, 26 May 2025 08:10:10 +0200
Subject: [PATCH 38/94] fix: fix wrong secret name for postgres
---
 apps/forgejo/helmrelease.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml
index c643dec..5ce53e5 100644
--- a/apps/forgejo/helmrelease.yaml
+++ b/apps/forgejo/helmrelease.yaml
@@ -41,7 +41,7 @@ spec:
 postgresql:
 enabled: true
 auth:
- existingSecret: forgejo-postgresql
+ existingSecret: forgejo-postgres
 usernameKey: postgres-user
 passwordKey: postgres-password
 databaseKey: postgres-db
From 28cd77f5539fb43cf0f8902e3f5c4222828eb532 Mon Sep 17 00:00:00 2001
From: Patryk Hegenberg
Date: Mon, 26 May 2025 08:24:25 +0200
Subject: [PATCH 39/94] fix: change field names in postgres secret
---
 apps/forgejo/forgejo-postgres-secret.yaml | 42 +++++++++++------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/apps/forgejo/forgejo-postgres-secret.yaml b/apps/forgejo/forgejo-postgres-secret.yaml
index 6c2d909..0f71dd6 100644
--- a/apps/forgejo/forgejo-postgres-secret.yaml
+++ b/apps/forgejo/forgejo-postgres-secret.yaml
@@ -5,32 +5,32 @@ metadata: namespace: forgejo type: Opaque stringData: - postgres-password: ENC[AES256_GCM,data:da6nuHh8My8a+hlAaEbFb3DqNw==,iv:UJndoTUbG9rgI9dCQGBUzQXWLBbmBv7BRk/sbpMpo7I=,tag:3X8eSFmg8zCoJKgFqw4oTg==,type:str] - postgres-user: ENC[AES256_GCM,data:7QqScpInuQ==,iv:l7HWnyMMRv3Hke1lV+wrDDUrxfbB/ZID9cZmh/DIDBg=,tag:qXlk+DsUIh/z11c9G6VMKQ==,type:str] - postgres-db: ENC[AES256_GCM,data:CgJLPv5kfQ==,iv:dBXw0tIg43rIj2avzPXt+sbBpV7M+hAAItCU4kka+vY=,tag:TX+yA3MSOs0w5ZLxe4zLrg==,type:str] + password: ENC[AES256_GCM,data:jGBEh6iBqK+GTbBi7l6XWcfZuw==,iv:b94xUr3SvNKtxCh7C1PWzeK0DylXDIBw4dBCpxlKf5c=,tag:qdWpJhRyARmmBldQxr0mug==,type:str] + user: ENC[AES256_GCM,data:g1o3p79hJA==,iv:cTldxhnPKz2P8FlaEfazqqmZ3cReEPaVIKAG8kjoAP8=,tag:X31E3+9F8kYKob5iyIpKkg==,type:str] + db: ENC[AES256_GCM,data:N4MhP2JtDA==,iv:UlqkQe//aiOMGRdMAkOiouggzlX+QU0YvIgiZQAFf2c=,tag:/WXIxuI7ZvsZa2j7Ua02SA==,type:str] sops: - lastmodified: "2025-05-26T05:35:45Z" - mac: ENC[AES256_GCM,data:GgEuhTjp5VzSXEHQEfgzcYQBNx7nWySaMrf7eLWA5U+1UHUPzgQndFEocgdSnh1juRCN3zEiBwEM4DozQfuxQ2MOHlVEyiaCxQlg0sxd+vXFNT5T5mGr31jvnY/cOb2tnLFRH+Lnfbfnrgm9yugJOQ9JGqblhIoBM5XmPiRifTA=,iv:OFDVIWaQUZf1ey7WYWiPjjcEi+TOwOJD4qVVhfdaoy4=,tag:3MjEU1JuUsIjEUCdYjJMVw==,type:str] + lastmodified: "2025-05-26T06:24:05Z" + mac: ENC[AES256_GCM,data:V3jps1itTa3En89ALjigz7Nn9xl9z9Kp0PXO/Cff2nrhtNpZnCSG+yVx6FVRxzol1JlAsY33NZZOnywKfU3ttBsLVDZ5p0bSp/6MxgHgrQPR5eUHzwH8jPpSwyjUfpLa2pAma4TKR6TxyHpF5jzsLhqlJImQJOwIott11EFhXw4=,iv:cuOvRmXNyugTd1SU9kTQsUNUHBkBPY6j9hwWm6VuUDw=,tag:S6Kn/IqekP+CDqCrQBUkVQ==,type:str] pgp: - - created_at: "2025-05-26T05:35:45Z" + - created_at: "2025-05-26T06:24:05Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/+JuqL1zpDzfWEa5pDwbyQHAMLt00be1cbnyYS+eYclRv3 - LQjlsOBfB0rArezdXwIA+nf11+OB4zht66Rgdh0RC/nZ58CkOwsAaRTB3QCabaD+ - 3eY0M8sCW7ySS2zCZ7ucNjdtvOoWeQApy5mBM5+MvR22jJE6LO9RfAxMOO+ce45Q - GsTJqN8CcjHLaJ+1NMZWx9gmp+KwbHb8K79GPHY6t4r/c7JJQbWV3b45xgjpEhuh - 
fobXUjfg5uDqPhhEqGpJcRb1sR9kjJm3eRa4inVgLVMjhk5DZscV6Fzegi2+c0Ct - 3BgEOLWoOPZcqDLhuy7FL2dDWMV/akf4tuYYRSx9Rtw2Q3rE0wjnPgaSlawokx9r - R2DfzXU6zRRJme5yEjxTnUL56pV1cfZFzowFKk2J5VcnO/kURov6td6P4mdWRze4 - eWhguNjYQemhJ36orLIamF9ZqJTvlSmKhc4tWWLwHx//Wownn/1qtsZZ8+YSsnBR - Cw4ZR1rVMS89S/4utdPHduIvxZBBNvgILhdcJxv4aPo7yIf63ES+rOT8b0cGkBkC - 40UQb4b3Fhh48x1N/VXzl/I4pgrWZZbXyXjYEnItMAJDtPEaLY8dmWl8HfnzeQBb - ARMO/Ns2HJU/IcsOAbmWQ9tUrA+l3mif1r5+8ICOEFd8zJX97uQEMMw+plgXix3U - aAEJAhA2kcPvufw+4CwWQTQdOigXEr0aVgSJsb7p6x2RlgnDDmrHXTEdQh3LDE14 - fF4E58D6py5KFcpWaiSqjQe75OywolHg0DVwIpbQ340RA+jCrwtkEn5kMiHkm8mO - l4bc3613t0Ud - =/Q9T + hQIMAxd/Yh1BfDklAQ/6Ao20YMZ0OtLcg8+1h3OZhr32Hy4A5RNl//2TauEQMKRC + kPGtbFhzarTFyZrQEmzJf5R10+6Uils8f0dBneJl0clA7ieI/WfzBHHQPNFHMxbp + MzIzD4+jIg1dV3As+wjn4fcomp508Hub8EpbVqCHk+mbjXCcWtNsWMiccK/rwWY1 + AJCevC32rWvEzNPuGR3EbJ+QQwLJLbwTpZuye02ibOBpkFbwYfHKr0GhAgogR3he + p3AIKrWe02ihEEiukBOqiUfBZ3KKhltXHjeGaXDodfqvFAfejYj4iZAHjARNY3bY + vCO+YP+T3JpdTn+SBjymOQeLFXlD0nR3N2nAR1Czijwx6OfwZbjqabJ+zPzrEjO1 + JYxDnyMpIr0P/yhZmpcOlif8cXgcU5oCxNS31CJczRuBME6T2XFzL6G2JedCaLgi + y4aH170HBsAvk0H7c+Enhlkw1tn3tJ3WRiGKsNS3Pj8sq5M661/dlWkyi3fRV4Bq + 4SIO3pDeE11d7Jdpvm+FDNNP6zJQld1bPxp3NeCSxi8OPUGa3k/E+f0s2zGd5Dtq + CVSA8J/w8bhfB/CLFAAT1f2MsFroc/51kqtIX6lUzDLXB4msz8LRUPGvoIwstf3Y + r0q6SwyN4DscK4V+hfjnOVywKJoobO6KmMkmUHup16vldf51UlbJIlY5uLXMUw3U + aAEJAhCgHEXRjkX9UGU2DmJl/BNH6/yL/G5+Uj0Bo1lOkYrSjOw65Pz7XENOBhyw + s6R6cOzI8FUwoZB6PHxtn6BWaPddciAY8hhVXGHhuYNRhv6hiK3b/GJ+ZupxP6C2 + 1FztkN1Bimfz + =w63A -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From f382e9478993f3b80dcd6d19c662370c60e6196d Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 08:43:51 +0200 Subject: [PATCH 40/94] fix: change field names in postgres secret --- apps/forgejo/forgejo-postgres-secret.yaml | 42 +++++++++++------------ 1 file changed, 21 insertions(+), 21 deletions(-) 
diff --git a/apps/forgejo/forgejo-postgres-secret.yaml b/apps/forgejo/forgejo-postgres-secret.yaml index 0f71dd6..f7944ce 100644 --- a/apps/forgejo/forgejo-postgres-secret.yaml +++ b/apps/forgejo/forgejo-postgres-secret.yaml 
@@ -5,32 +5,32 @@ metadata: namespace: forgejo type: Opaque stringData: - password: ENC[AES256_GCM,data:jGBEh6iBqK+GTbBi7l6XWcfZuw==,iv:b94xUr3SvNKtxCh7C1PWzeK0DylXDIBw4dBCpxlKf5c=,tag:qdWpJhRyARmmBldQxr0mug==,type:str] - user: ENC[AES256_GCM,data:g1o3p79hJA==,iv:cTldxhnPKz2P8FlaEfazqqmZ3cReEPaVIKAG8kjoAP8=,tag:X31E3+9F8kYKob5iyIpKkg==,type:str] - db: ENC[AES256_GCM,data:N4MhP2JtDA==,iv:UlqkQe//aiOMGRdMAkOiouggzlX+QU0YvIgiZQAFf2c=,tag:/WXIxuI7ZvsZa2j7Ua02SA==,type:str] + username: ENC[AES256_GCM,data:SrsQroRI4Q==,iv:60++AtrrZQg276MWhkMNSRvUKZt9sSNdEsN4XLxYs9A=,tag:wEaLWyRuzubtwIL8nREMag==,type:str] + password: ENC[AES256_GCM,data:1sztMSfu3eUHGrgd7e1y/J43iA==,iv:03exRVv/gtUtT7LhtFddABcfqcAPzq5dp+BjMdhkcNw=,tag:kOfD4z2RZ8He+M7qTTolbA==,type:str] + database: ENC[AES256_GCM,data:sfHkbJou7g==,iv:8lAo1twQaK49im+aPf6MUCkO1b9dhEK2fqV36nUl4pA=,tag:Dio2jAtTN6tr22GB6SmsjA==,type:str] sops: - lastmodified: "2025-05-26T06:24:05Z" - mac: ENC[AES256_GCM,data:V3jps1itTa3En89ALjigz7Nn9xl9z9Kp0PXO/Cff2nrhtNpZnCSG+yVx6FVRxzol1JlAsY33NZZOnywKfU3ttBsLVDZ5p0bSp/6MxgHgrQPR5eUHzwH8jPpSwyjUfpLa2pAma4TKR6TxyHpF5jzsLhqlJImQJOwIott11EFhXw4=,iv:cuOvRmXNyugTd1SU9kTQsUNUHBkBPY6j9hwWm6VuUDw=,tag:S6Kn/IqekP+CDqCrQBUkVQ==,type:str] + lastmodified: "2025-05-26T06:41:42Z" + mac: ENC[AES256_GCM,data:SbXg8wCo/FYUF+yZyq5L27ZdKwlT9B1KlJF7ZDGZw3X2IEJ6LaEba7ZD02Vz51x9Ii9l1pUjk5dkn3R63tnd0NLvvN3VbVgGU26C25VBV5wETQLHmiPnNhyhfWV1IKJ1DheN4b16QaEaRx1Ul2PFzeRMoVHnHVc/tJE1CDZfcqE=,iv:CjJAqZIj5xVOMZxsSL/JfiiJyU9Ho5dNilseQtvr5fM=,tag:21sK5zO6z8uEP8LyDmyWbw==,type:str] pgp: - - created_at: "2025-05-26T06:24:05Z" + - created_at: "2025-05-26T06:41:42Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/6Ao20YMZ0OtLcg8+1h3OZhr32Hy4A5RNl//2TauEQMKRC - kPGtbFhzarTFyZrQEmzJf5R10+6Uils8f0dBneJl0clA7ieI/WfzBHHQPNFHMxbp - MzIzD4+jIg1dV3As+wjn4fcomp508Hub8EpbVqCHk+mbjXCcWtNsWMiccK/rwWY1 - AJCevC32rWvEzNPuGR3EbJ+QQwLJLbwTpZuye02ibOBpkFbwYfHKr0GhAgogR3he - p3AIKrWe02ihEEiukBOqiUfBZ3KKhltXHjeGaXDodfqvFAfejYj4iZAHjARNY3bY - 
vCO+YP+T3JpdTn+SBjymOQeLFXlD0nR3N2nAR1Czijwx6OfwZbjqabJ+zPzrEjO1 - JYxDnyMpIr0P/yhZmpcOlif8cXgcU5oCxNS31CJczRuBME6T2XFzL6G2JedCaLgi - y4aH170HBsAvk0H7c+Enhlkw1tn3tJ3WRiGKsNS3Pj8sq5M661/dlWkyi3fRV4Bq - 4SIO3pDeE11d7Jdpvm+FDNNP6zJQld1bPxp3NeCSxi8OPUGa3k/E+f0s2zGd5Dtq - CVSA8J/w8bhfB/CLFAAT1f2MsFroc/51kqtIX6lUzDLXB4msz8LRUPGvoIwstf3Y - r0q6SwyN4DscK4V+hfjnOVywKJoobO6KmMkmUHup16vldf51UlbJIlY5uLXMUw3U - aAEJAhCgHEXRjkX9UGU2DmJl/BNH6/yL/G5+Uj0Bo1lOkYrSjOw65Pz7XENOBhyw - s6R6cOzI8FUwoZB6PHxtn6BWaPddciAY8hhVXGHhuYNRhv6hiK3b/GJ+ZupxP6C2 - 1FztkN1Bimfz - =w63A + hQIMAxd/Yh1BfDklAQ/8CCD+vpiYa48qNhWsBOwRvxaXYjbR7UC2vKvZmWKpLm4i + v30/t2MsPMcbxzYuvzNJPvuyz5ItHahimdnYGfBPx3RK0I77s5pRHCnMi/tArdjF + gidZEhk4XtGIvpqiMgrjKLmJrGxINeBXjoAW0WQJdaiFFfVZkTnm5iKQfd+AYXZ3 + DHQw5prU8xQPLpMz7BqOxw9XtsVWdlDJ258Kv3+rTW7ddUB2seawA/PiLCr2sMEV + iruz69ivHQvX+vc5EKOlzWUIQBeVrP5qYdisx6LBspxcxOXTil/mN4bXNsjSolJ4 + iR3z4B+bM2APgrri8UT3Lmg44TmhfvTtZ9YGl7OqMmY0e7hPHFsWCF1WMNo7XQ6q + tJtgHNTu0+HPWF21a5u0ZqqDEaqU6vvZUnVvSv7f5RvqP6TGUI71uP3C4SddE+kJ + do+g2KxHy63Orc30eReja9aDiBFaJwhfFtZAT2/1+y1sFG2FMS+2d50O+OdEBE1j + RRHV+bXgCk9eLaXSGFlbLF/Ck/jRrg+USRg9/wr5sy7JugVaVMBdmtqw1Ndf6ALj + ozrJ9VaDlL4tiICnFY9rKF7dRfodcZjlmvjsoc8wU5tE0TTSQsmk0i+d09q23C8C + Cd26E6NzaxZYPsD7NFYhxoSTggfsjwGxxKhvdtkpkfoe8wn7YhrKQqFXViipSXTU + aAEJAhC7KIYN6CQ2Gsppjk4z5JwtPQ1dWbMX02vXjKA4xiThOP3nw5mXYmODY8l7 + 3DYGMrNyixXnRsxhCRg8B+68h/wq6yoR6MhPogJBEthRY+ABnUI1fOI5Ba1/akSU + 83ka8/BfPZdu + =LoCO -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From ca604ea4564ebb9fa4fbf1b6f7f4db32df285645 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 09:11:03 +0200 Subject: [PATCH 41/94] fix: change key names in helmrelease to fix forgejo deployment --- apps/forgejo/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 5ce53e5..ce6e780 100644 
--- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -42,9 +42,9 @@ spec: enabled: true auth: existingSecret: forgejo-postgres - usernameKey: postgres-user - passwordKey: postgres-password - databaseKey: postgres-db + usernameKey: username + passwordKey: password + databaseKey: database primary: persistence: enabled: true From 4afb957cd8213acea440e18cc3d5765bc31bd955 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 09:17:10 +0200 Subject: [PATCH 42/94] fix: change field names to match chart description --- apps/forgejo/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index ce6e780..81d8d46 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -42,9 +42,9 @@ spec: enabled: true auth: existingSecret: forgejo-postgres - usernameKey: username - passwordKey: password - databaseKey: database + username: username + password: password + database: database primary: persistence: enabled: true From 742d143b202f1ae04d07eec21571d855539a06e6 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 09:22:42 +0200 Subject: [PATCH 43/94] fix: try next possible fix by changing fieldnames and adding username --- apps/forgejo/helmrelease.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 81d8d46..5330697 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -42,9 +42,10 @@ spec: enabled: true auth: existingSecret: forgejo-postgres - username: username - password: password - database: database + usernameKey: username + passwordKey: password + databaseKey: database + username: forgejo primary: persistence: enabled: true From e94a1d07ea6ea953e54e3b38ca863a3353b03e50 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Mon, 26 May 2025 09:24:46 +0200 Subject: [PATCH 44/94] fix: next try --- apps/forgejo/helmrelease.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 5330697..ce6e780 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -45,7 +45,6 @@ spec: usernameKey: username passwordKey: password databaseKey: database - username: forgejo primary: persistence: enabled: true From 4c57a3bd5aedfa93d2c6bb7ed33ce6af920f618f Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 09:36:33 +0200 Subject: [PATCH 45/94] fix: fix wrong field name for pvc claim --- apps/forgejo/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index ce6e780..9dcab82 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -12,7 +12,7 @@ spec: values: persistence: enabled: true - existingClaim: forgejo-data + claimName: forgejo-data ingress: enabled: true className: traefik From bcc94db42c85c0d193dee84c104e95e91b33cf33 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 09:59:03 +0200 Subject: [PATCH 46/94] ci: remove forgejo deployment --- apps/kustomization.yaml | 1 - infrastructure/ocirepositories/forgejo.yaml | 11 ----------- 2 files changed, 12 deletions(-) delete mode 100644 infrastructure/ocirepositories/forgejo.yaml diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 1bed5d0..f8c4c0c 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,4 +3,3 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - - forgejo/ diff --git a/infrastructure/ocirepositories/forgejo.yaml b/infrastructure/ocirepositories/forgejo.yaml deleted file mode 100644 index 6fa869e..0000000 --- a/infrastructure/ocirepositories/forgejo.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: OCIRepository -metadata: - name: forgejo - namespace: flux-system -spec: - interval: 30m - url: oci://code.forgejo.org/forgejo-helm/forgejo - ref: - tag: "12.5.1" - From 3d85ef9bf620ca7d77269b8536ec15a2b346913d Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 10:00:31 +0200 Subject: [PATCH 47/94] ci: remove forgejo directory --- apps/{forgejo => forgejo_old}/certificate.yaml | 0 apps/{forgejo => forgejo_old}/forgejo-admin-secret.yaml | 0 .../{forgejo => forgejo_old}/forgejo-postgres-secret.yaml | 0 apps/{forgejo => forgejo_old}/helmrelease.yaml | 0 apps/forgejo_old/helmrepository.yaml | 8 ++++++++ apps/{forgejo => forgejo_old}/kustomization.yaml | 0 apps/{forgejo => forgejo_old}/namespace.yaml | 0 apps/{forgejo => forgejo_old}/pvc.yaml | 0 8 files changed, 8 insertions(+) rename apps/{forgejo => forgejo_old}/certificate.yaml (100%) rename apps/{forgejo => forgejo_old}/forgejo-admin-secret.yaml (100%) rename apps/{forgejo => forgejo_old}/forgejo-postgres-secret.yaml (100%) rename apps/{forgejo => forgejo_old}/helmrelease.yaml (100%) create mode 100644 apps/forgejo_old/helmrepository.yaml rename apps/{forgejo => forgejo_old}/kustomization.yaml (100%) rename apps/{forgejo => forgejo_old}/namespace.yaml (100%) rename apps/{forgejo => forgejo_old}/pvc.yaml (100%) diff --git a/apps/forgejo/certificate.yaml b/apps/forgejo_old/certificate.yaml similarity index 100% rename from apps/forgejo/certificate.yaml rename to apps/forgejo_old/certificate.yaml diff --git a/apps/forgejo/forgejo-admin-secret.yaml b/apps/forgejo_old/forgejo-admin-secret.yaml similarity index 100% rename from apps/forgejo/forgejo-admin-secret.yaml rename to apps/forgejo_old/forgejo-admin-secret.yaml 
diff --git a/apps/forgejo/forgejo-postgres-secret.yaml b/apps/forgejo_old/forgejo-postgres-secret.yaml similarity index 100% rename from apps/forgejo/forgejo-postgres-secret.yaml rename to apps/forgejo_old/forgejo-postgres-secret.yaml diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo_old/helmrelease.yaml similarity index 100% rename from apps/forgejo/helmrelease.yaml rename to apps/forgejo_old/helmrelease.yaml diff --git a/apps/forgejo_old/helmrepository.yaml b/apps/forgejo_old/helmrepository.yaml new file mode 100644 index 0000000..12a7f23 --- /dev/null +++ b/apps/forgejo_old/helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: forgejo + namespace: flux-system +spec: + interval: 30m + url: https://codeberg.org/forgejo-contrib/forgejo-helm/raw/branch/main/charts/ diff --git a/apps/forgejo/kustomization.yaml b/apps/forgejo_old/kustomization.yaml similarity index 100% rename from apps/forgejo/kustomization.yaml rename to apps/forgejo_old/kustomization.yaml diff --git a/apps/forgejo/namespace.yaml b/apps/forgejo_old/namespace.yaml similarity index 100% rename from apps/forgejo/namespace.yaml rename to apps/forgejo_old/namespace.yaml diff --git a/apps/forgejo/pvc.yaml b/apps/forgejo_old/pvc.yaml similarity index 100% rename from apps/forgejo/pvc.yaml rename to apps/forgejo_old/pvc.yaml From 91ac694306c5990ca20b88351df712fdafd48844 Mon Sep 17 00:00:00 2001 
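Review bot: The added `HelmRepository` fetches its index from a `raw/branch/main/charts/` URL, which is a mutable branch, whereas the `OCIRepository` deleted one patch earlier was pinned to tag `12.5.1`. Whatever is pushed to that branch becomes the chart source at the next 30m reconcile, and no version or integrity pin is visible here. After patch 46 `apps/kustomization.yaml` no longer lists a forgejo directory, so this file in `apps/forgejo_old/` also looks unused. I would drop the file, or keep the OCI source and pin it with `ref.digest` if the chart is still needed.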
From: Patryk Hegenberg Date: Mon, 26 May 2025 11:28:24 +0200 Subject: [PATCH 48/94] ci: deploy gitea via flux (git.patanix.de. 40GiB PVC, SOPS) --- apps/gitea/certificate.yaml | 13 +++++++++ apps/gitea/gitea-admin-secret.yaml | 37 ++++++++++++++++++++++++++ apps/gitea/gitea-postgres-secret.yaml | 37 ++++++++++++++++++++++++++ apps/gitea/helmrelease.yaml | 33 ++++++++++++++++++----- apps/gitea/kustomization.yaml | 4 +++ apps/gitea/pvc.yaml | 12 +++++++++ apps/kustomization.yaml | 1 + clusters/production/gitea.yaml | 16 +++++++++++ clusters/production/kustomization.yaml | 2 +- 9 files changed, 147 insertions(+), 8 deletions(-) create mode 100644 apps/gitea/certificate.yaml create mode 100644 apps/gitea/gitea-admin-secret.yaml create mode 100644 apps/gitea/gitea-postgres-secret.yaml create mode 100644 apps/gitea/pvc.yaml create mode 100644 clusters/production/gitea.yaml diff --git a/apps/gitea/certificate.yaml b/apps/gitea/certificate.yaml new file mode 100644 index 0000000..1aa1971 --- /dev/null +++ b/apps/gitea/certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: gitea-tls + namespace: gitea +spec: + secretName: gitea-tls + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + commonName: git.patanix.de + dnsNames: + - git.patanix.de diff --git a/apps/gitea/gitea-admin-secret.yaml b/apps/gitea/gitea-admin-secret.yaml new file mode 100644 index 0000000..1ba3b58 --- /dev/null +++ b/apps/gitea/gitea-admin-secret.yaml 
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gitea-admin + namespace: gitea +type: Opaque +stringData: + username: ENC[AES256_GCM,data:8i52Lz3nygblugk=,iv:c91g6ngjoRRFCjtHSdSLmKOOve+0A9t9RcoYrgchk/8=,tag:nWslgYM6XcVLEDwdLsEIXg==,type:str] + password: ENC[AES256_GCM,data:3qkc31BWsJgkPZc=,iv:SY26hBe99LDq0HXZhFmfiEddiRQ0hTO5aVk2ISmQMao=,tag:1zOp5itE12tiaZOsoi7AQQ==,type:str] + email: ENC[AES256_GCM,data:8lRKn6O6GqWJUm+dvC3y5fy53ShJhbwzuw==,iv:nfwo89TiW+a4WQJG/z4ENv4gcJWt9i/AaZe63HrlPSw=,tag:XWc8+PBUB3671W23GvRn2g==,type:str] +sops: + lastmodified: "2025-05-26T09:27:04Z" + mac: ENC[AES256_GCM,data:2YtDFEh9DMDQSUgGfkgBRFbWcgpoRIVDLtkM3828n2G4xrrhEonD3Whl0g+GJoHVCa07SE6QTLD7aLNAh7kTH0bxuuc64wNZE+QaZCs4NOJ7PETRK+wLtn6hKKJ0GvwiVSsefh61ia1fVOG67nTaUhmxpDsk/OMZGxlFSwyvHQk=,iv:qWxDJVphXjeSkEYKU5d10GLj+uMWLlrvo0SgfU1on/8=,tag:bFVzzWHRbMf012oOZdIklw==,type:str] + pgp: + - created_at: "2025-05-26T09:27:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklAQ/+LOuVPVvF6m9E4PImKzBk+ftdcOUXGnOCMYq1pAZucqCd + U/pr5Jg8KIFKwiQMSUgsL4ZDfrTa+tHnLZmjvVtFRC323RbkmgjqEQrFmxoPm++P + SBIJup4IPAxQDloCU2ZNht5RP9dwsrwjLspHw7qH/4XWIFcJLtToMej0jPJoZE26 + U3DTjRidVCMSi9bWXAfH0iFiVI09UE7ZKhfkk9EExJ+8u/1VV2YM+ZFqT38CNnqK + 7GvoUcq/JzMgt7vDI/oFxakHNs6fto3lxpm3nEJcVa1hoOJmOJp4wbY7cRhhok7B + +BDBqnU6Nu79ZaDq2Br//RnTVmPGz94ZihifsZzvQmlACHqnX0zXQu03ozYJu5F2 + GM/YeIIkchBvKNjM8VmD8iivT4UozyBHnvzKIR+j65VAeHp7h4+7EOHMenGRF9Lx + j1IfC9OnOrtZZXJo+uhuGbmTlJLzAwxqg2UNXPTZT2VJwI1nznb/u5oomR8oW57P + wjjcAwDH1QQuQvTaPnW9yl5WXA5xqrBSy29byr9ScRLjld28Gs+Nq5Aov5P3mAUn + wJi9nPm2HBNceFpybgfLSkCpKE9L6aEJr0V6bfRhNH6B00O18bbbZzHk2sHyoIVf + vGvn3yEJjglvG3nY3x6p3Pn3oOntF4U45+LwOFhAnpV948aQQY24ysKb1p2Zf/rU + aAEJAhDtuzDWKWQwm6hakLlozhxZ4y4R0Xeo6F7uENJkzvF/hDDLvhMCgzntIdgq + KqLpS0i68/6udId/EFk8FGtgARA0gZku2N4eXm2wi0ZRZcLLjZhoQO7nldcKDjY5 + BQ6qceVnelJI + =YlWO + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 
diff --git a/apps/gitea/gitea-postgres-secret.yaml b/apps/gitea/gitea-postgres-secret.yaml new file mode 100644 index 0000000..13decae --- /dev/null +++ b/apps/gitea/gitea-postgres-secret.yaml 
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gitea-postgres + namespace: gitea +type: Opaque +stringData: + postgresql-username: ENC[AES256_GCM,data:wDK4U1M=,iv:pp1svR88BsVDp86YSuKwYHptU2o1kmYC/Rsh9KZ1qcQ=,tag:kRH0Psqsh80CZAcoa7DaIg==,type:str] + postgresql-password: ENC[AES256_GCM,data:Xf3JTparRAEYLwYNV4nsR/s=,iv:xbLtBtcDY0SHRmuEwwiXBojXhIZlcV816Ad22NvYx9I=,tag:yRWpI/8UpSTt/sGvzMBFpw==,type:str] + postgresql-database: ENC[AES256_GCM,data:kAj7y7w=,iv:3LN5NjnXChsBUuJYTvVspxmKR6LT1oJ863Kg8RNBM2s=,tag:L/PGeFyMhmxrlruSoOZ9bw==,type:str] +sops: + lastmodified: "2025-05-26T09:26:56Z" + mac: ENC[AES256_GCM,data:vq7+29bz1TRxTDWKcD7UDTU8JMjRm7hsL5iRE3e5zn35b8yddBPLnWBPQML/123PQQ/oeJwlekqzh6Sm6Llp2cP/wqYsaOQ/uEWJ3Iy6+Zou9VKytolM9dvvMcjmPYyM9WVqsbF2a8sNJ6OSZIlXd+7ngBJ2Z29ztP9y2aHAQNE=,iv:iVOj9GHjmSjVmcv36XlBaHVTVPrdF58UknvkLj884DM=,tag:ZEW8Tmzvb3ZoZ01nKH2xUg==,type:str] + pgp: + - created_at: "2025-05-26T09:26:56Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklARAAi1hB7OruAZemE/MY2dw9ZTt3IP93hUhvV0NK/1vzqACr + YmRTr80tFkayytvKU++NCSgWZ17qfqdwexPfl5g10/ge/33FSJL+2ClyvI5C6Tqm + hdSJE96ILAnURu3J2sbOcvmPrJmDEE8MA6nhVmVaJOOUmG4pBzgpmHppV7Ctuhhn + xeIdc9rwJIQ8+9gOy112WS5USxhOAS7mKMQvfQ9u+u2/HRYyOzzVzKq9ByJLnnpq + CVyOxAEJs4+VfX6rf3VcL+xPFUESBOQYfDK4dkBGvtsGICEiqg51LEt3hMFfEZB5 + ZiMwW92F4nLDQRzWdjgWihd+3xpQ0GujXNNmgZEIrubdR4h80WGu79w6EXmP1wvE + YimIsMrFmJ7xb81cvDwpd4WPbKP5Wu4dLZ3X2oktOhFFtC/J6jL1tfS7rysOiWFw + MghxxfDNnnvTeQRFXal0zpxOF6lU2Bo6cFneA/xpqKtn5tWeh/bDFjNoQp6bVEYM + mh5o3lEOsBUgHxz/krJhExi0yBmnM5YBNWQnag6eVavpXgDGA2dU73Rdmnp5MZeR + wB/CcysKxhe4PE3nzipFrnvWkHb/KeTicFfkPU6/7EoTjdJkoZ/gfOT7PwpwVxly + zv1/xdL4v/6YKFQXtd2fmaERHQ+gd6MjaO7uQMB1O5GvRYhq9cGKCVFKeErZv8zU + aAEJAhDUHWRd/spqIfKe1sep4glWcGiUHLA2NfH/YbFKBxb0PcSOBqpHL97wUCGO + NvQIcsTtf1pPiXvEb1SdWto2dsaK5Yl3x2MYQCsemFfz+wNWVQ84w2LaIrAtLju9 + V0GBGSbnNaZ2 + =vpRf + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 
3.10.2 diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index 4bf68a5..c3c6d9d 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -9,24 +9,42 @@ spec: chart: spec: chart: gitea - version: "11.0.1" + version: "12.0.0" sourceRef: kind: HelmRepository name: gitea-charts namespace: flux-system values: + valkey-cluster: + enabled: false + valkey: + enabled: true + postgresql: + enabled: true + auth: + existingSecret: gitea-postgres + # usernameKey: postgres-user + # passwordKey: postgres-password + # databaseKey: postgres-db + postgresql-ha: + enabled: false persistence: enabled: true - storageClass: longhorn - size: 5Gi + existingClaim: gitea-data ingress: enabled: true className: traefik hosts: - - host: gitea.local + - host: git.patanix.de paths: - path: / pathType: Prefix + tls: + - secretName: gitea-tls + hosts: + - git.patanix.de + annotations: + cert-manager.io/cluster-issuer: letsencrypt-dns service: http: type: ClusterIP @@ -36,9 +54,10 @@ spec: port: 22 gitea: admin: - username: giteaadmin - password: changeme - email: patrykhegenberg@gmail.com + existingSecret: gitea-admin + usernameKey: username + passwordKey: password + emailKey: email metrics: enabled: true actions: diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index b4a3d7c..088890c 100644 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -4,3 +4,7 @@ resources: - namespace.yaml - helmrepository.yaml - helmrelease.yaml + - gitea-admin-secret.yaml + - gitea-postgres-secret.yaml + - pvc.yaml + - certificate.yaml diff --git a/apps/gitea/pvc.yaml b/apps/gitea/pvc.yaml new file mode 100644 index 0000000..c135469 --- /dev/null +++ b/apps/gitea/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: gitea-data + namespace: gitea +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 40Gi + storageClassName: local-path 
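Review bot: The ingress values in the first `helmrelease.yaml` hunk add `cert-manager.io/cluster-issuer: letsencrypt-dns`, while `apps/gitea/certificate.yaml` in the same patch already declares a `Certificate` that writes to `gitea-tls`. cert-manager's ingress-shim derives its own Certificate from that annotation for the same secret, so two definitions end up managing one TLS secret. Keep one of them; with the explicit Certificate, remove the `annotations:` entry and leave a comment like `# gitea-tls is issued by certificate.yaml`. The `values` block continues outside the hunk, and the annotation's nesting under `ingress` is inferred from the flattened text.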
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index f8c4c0c..197be73 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ + - gitea/ diff --git a/clusters/production/gitea.yaml b/clusters/production/gitea.yaml new file mode 100644 index 0000000..7f3c437 --- /dev/null +++ b/clusters/production/gitea.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: gitea + namespace: flux-system +spec: + interval: 10m + path: ../../apps/gitea + prune: true + sourceRef: + kind: GitRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-gpg diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 2488197..ef7921f 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - cert-manager.yaml - kitchenowl.yaml - - forgejo.yaml + - gitea.yaml - ocirepository.yaml - ../../infrastructure - ../../apps From f6ccc9f99351c37afa577b8b958772f8a1c381fc Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:31:17 +0200 Subject: [PATCH 49/94] fix: change secret key names --- apps/gitea/gitea-admin-secret.yaml | 42 +++++++++++++-------------- apps/gitea/gitea-postgres-secret.yaml | 42 +++++++++++++-------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/apps/gitea/gitea-admin-secret.yaml b/apps/gitea/gitea-admin-secret.yaml index 1ba3b58..a260a8b 100644 --- a/apps/gitea/gitea-admin-secret.yaml +++ b/apps/gitea/gitea-admin-secret.yaml 
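Review bot: `apps/gitea` ends up reconciled twice after this patch. The new `gitea` Kustomization in `clusters/production/gitea.yaml` applies it, and so does `../../apps` in `clusters/production/kustomization.yaml` now that `apps/kustomization.yaml` lists `gitea/`. Only the new object sets `decryption.provider: sops`; if the parent Kustomization (not visible here) has no decryption block, it will try to apply the two SOPS files still encrypted, and both objects will contend for the same resources. Reference the directory from one place only. I also believe `path` is resolved against the root of the GitRepository rather than this file's location, so `path: ./apps/gitea` is the conventional form.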
@@ -5,32 +5,32 @@ metadata: namespace: gitea type: Opaque stringData: - username: ENC[AES256_GCM,data:8i52Lz3nygblugk=,iv:c91g6ngjoRRFCjtHSdSLmKOOve+0A9t9RcoYrgchk/8=,tag:nWslgYM6XcVLEDwdLsEIXg==,type:str] - password: ENC[AES256_GCM,data:3qkc31BWsJgkPZc=,iv:SY26hBe99LDq0HXZhFmfiEddiRQ0hTO5aVk2ISmQMao=,tag:1zOp5itE12tiaZOsoi7AQQ==,type:str] - email: ENC[AES256_GCM,data:8lRKn6O6GqWJUm+dvC3y5fy53ShJhbwzuw==,iv:nfwo89TiW+a4WQJG/z4ENv4gcJWt9i/AaZe63HrlPSw=,tag:XWc8+PBUB3671W23GvRn2g==,type:str] + username: ENC[AES256_GCM,data:ZBxl7DQBLe5fDww=,iv:zTwXtGFqL3yMgAzyDpsGiMAJ8scB32SC1Ehuuhk1pDE=,tag:CZidHkUJizZmEtY6eo6m6w==,type:str] + password: ENC[AES256_GCM,data:VyN6dle4JZsWIzg=,iv:TZiVv8J9tJowNJm2428vyeX0u3fjBuMJbgCpEJFNE2s=,tag:Ojv881IpyNS8wrCkUFaAmg==,type:str] + email: ENC[AES256_GCM,data:TMBijnBYYQLBx1TWUra/HF5vAFZjZ4fRZQ==,iv:jGhot21TVqEij4LPwoRfTbPXBImivgg9knqRHuU6A8Y=,tag:2mKfHvYugmOmqdZfe4risg==,type:str] sops: - lastmodified: "2025-05-26T09:27:04Z" - mac: ENC[AES256_GCM,data:2YtDFEh9DMDQSUgGfkgBRFbWcgpoRIVDLtkM3828n2G4xrrhEonD3Whl0g+GJoHVCa07SE6QTLD7aLNAh7kTH0bxuuc64wNZE+QaZCs4NOJ7PETRK+wLtn6hKKJ0GvwiVSsefh61ia1fVOG67nTaUhmxpDsk/OMZGxlFSwyvHQk=,iv:qWxDJVphXjeSkEYKU5d10GLj+uMWLlrvo0SgfU1on/8=,tag:bFVzzWHRbMf012oOZdIklw==,type:str] + lastmodified: "2025-05-26T09:30:16Z" + mac: ENC[AES256_GCM,data:bcOQjgb3ie22ape8QooHVhcqYTGHPgN0W4j5ikbozI8YqIIudS9V0RA2dV2wzRNqBDaEsGTzqGIqe4aXEa7juizdxPEL63EtFmU06UbqjoUyw3UUiSPVTj7GVIpPGR3OhRyNJSKYy/ZkVQvAYllI56Du1FNV99lF+ytBQo/wU8w=,iv:ipqhozwXFE9bVuQqsZrBxHtVHcsIWiVewuDWTlofgNs=,tag:lNalhPo0WA4NKjVoRxzwuw==,type:str] pgp: - - created_at: "2025-05-26T09:27:04Z" + - created_at: "2025-05-26T09:30:16Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/+LOuVPVvF6m9E4PImKzBk+ftdcOUXGnOCMYq1pAZucqCd - U/pr5Jg8KIFKwiQMSUgsL4ZDfrTa+tHnLZmjvVtFRC323RbkmgjqEQrFmxoPm++P - SBIJup4IPAxQDloCU2ZNht5RP9dwsrwjLspHw7qH/4XWIFcJLtToMej0jPJoZE26 - U3DTjRidVCMSi9bWXAfH0iFiVI09UE7ZKhfkk9EExJ+8u/1VV2YM+ZFqT38CNnqK - 
7GvoUcq/JzMgt7vDI/oFxakHNs6fto3lxpm3nEJcVa1hoOJmOJp4wbY7cRhhok7B - +BDBqnU6Nu79ZaDq2Br//RnTVmPGz94ZihifsZzvQmlACHqnX0zXQu03ozYJu5F2 - GM/YeIIkchBvKNjM8VmD8iivT4UozyBHnvzKIR+j65VAeHp7h4+7EOHMenGRF9Lx - j1IfC9OnOrtZZXJo+uhuGbmTlJLzAwxqg2UNXPTZT2VJwI1nznb/u5oomR8oW57P - wjjcAwDH1QQuQvTaPnW9yl5WXA5xqrBSy29byr9ScRLjld28Gs+Nq5Aov5P3mAUn - wJi9nPm2HBNceFpybgfLSkCpKE9L6aEJr0V6bfRhNH6B00O18bbbZzHk2sHyoIVf - vGvn3yEJjglvG3nY3x6p3Pn3oOntF4U45+LwOFhAnpV948aQQY24ysKb1p2Zf/rU - aAEJAhDtuzDWKWQwm6hakLlozhxZ4y4R0Xeo6F7uENJkzvF/hDDLvhMCgzntIdgq - KqLpS0i68/6udId/EFk8FGtgARA0gZku2N4eXm2wi0ZRZcLLjZhoQO7nldcKDjY5 - BQ6qceVnelJI - =YlWO + hQIMAxd/Yh1BfDklARAAiGkRRw5T62eViNLz9JIDsFcnQ7gJfb/CuoGTFFGnGY9e + I4mLxjxYvZfnBKKCHCxnMjhBGc+l2VWbbYhiFOXY2XIUHNsvL/7qPvrRvVTHuHIq + GKjL+sgY1NBNt2zftcJEMVR+EYr8EbAlq7dk3bOHWJxA99cf0ZBYHk1Vp3uh8XkO + zYn4FgRr+2+MB3Tf89lbsJH73JqYHhC73RKxxcIDFrSm/s5PaBrV2/Bkv45e9AOd + N2xQgw5rLFC0mxZd6fWEIjJw+19XgwowFFD4zK5T5eDYilAoS3tCSPQaewVmoUQM + MZtfE2QcSKCyZDdeWcwUWld0g+ANUT/NhtpyxJDbMxH1GVot7yh5L71uh9Y5ikMd + hkpBBe5z2rcpAOEel/rKKLopIqc0gaz8THCiTJWD7AdlHiy0fQ7Pd7nKAQujWzrf + 8+aMNSJ7kGPvzcLVSatXaJbHu9DDTyXf3sznKIiFnxS9fr28wCAUBFzg6rEzj4Xb + ptQzVcA3+x026sXn7EUxL10O3st7RIV2/tF24zoGpb2W8mlGkt47LvijrcmvQcnW + s8iUsu3rSdYAdQ0WjV/NG7b8eaB/Jbe0WukvD4Dm0SHq5ZDqZhCp9e0v+RcwsapJ + WKstsBwGiTud+WMKmJjb5ziJ7X0wW9sst1HFyiwdAdus42aWVIrJa5gSCVUs90TU + ZgEJAhBtni2z5cPKkFivbn1yoIeZi7QH1PF2+ucFhdfSVcPuCBWydtz67aTH7rYa + XpGjhFYHapmph9nbDUueTrf2l5Q4LorVUsHwbM424Wo5gN8GF/l0af29ASLVvhPD + WpAzLIa+Fw== + =xXsp -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ diff --git a/apps/gitea/gitea-postgres-secret.yaml b/apps/gitea/gitea-postgres-secret.yaml index 13decae..6460874 100644 --- a/apps/gitea/gitea-postgres-secret.yaml +++ b/apps/gitea/gitea-postgres-secret.yaml 
@@ -5,32 +5,32 @@ metadata: namespace: gitea type: Opaque stringData: - postgresql-username: ENC[AES256_GCM,data:wDK4U1M=,iv:pp1svR88BsVDp86YSuKwYHptU2o1kmYC/Rsh9KZ1qcQ=,tag:kRH0Psqsh80CZAcoa7DaIg==,type:str] - postgresql-password: ENC[AES256_GCM,data:Xf3JTparRAEYLwYNV4nsR/s=,iv:xbLtBtcDY0SHRmuEwwiXBojXhIZlcV816Ad22NvYx9I=,tag:yRWpI/8UpSTt/sGvzMBFpw==,type:str] - postgresql-database: ENC[AES256_GCM,data:kAj7y7w=,iv:3LN5NjnXChsBUuJYTvVspxmKR6LT1oJ863Kg8RNBM2s=,tag:L/PGeFyMhmxrlruSoOZ9bw==,type:str] + username: ENC[AES256_GCM,data:NZfr22Y=,iv:VMlsh9ckDu3zNGuOLMCBGcT/7vkkL1nxCn4T6LGfYZA=,tag:eNFfc8T+GsyqXaLMAmXLoA==,type:str] + password: ENC[AES256_GCM,data:6YwYO5/ySuaWeIyUP9eE/rY=,iv:7Wy8QX2Nm3GMKwFUBcbjP/aQzQoOGua+DiLLF+WRM7k=,tag:sabUpIc6HxsMSgHxFtf3DA==,type:str] + database: ENC[AES256_GCM,data:i73BvSs=,iv:TW2dAgyWhBZ75Dj0LPxZ1PZBz/8zXMlthqeXLMzYAGg=,tag:x2zUpzhMbvM/EAn6NwUHKA==,type:str] sops: - lastmodified: "2025-05-26T09:26:56Z" - mac: ENC[AES256_GCM,data:vq7+29bz1TRxTDWKcD7UDTU8JMjRm7hsL5iRE3e5zn35b8yddBPLnWBPQML/123PQQ/oeJwlekqzh6Sm6Llp2cP/wqYsaOQ/uEWJ3Iy6+Zou9VKytolM9dvvMcjmPYyM9WVqsbF2a8sNJ6OSZIlXd+7ngBJ2Z29ztP9y2aHAQNE=,iv:iVOj9GHjmSjVmcv36XlBaHVTVPrdF58UknvkLj884DM=,tag:ZEW8Tmzvb3ZoZ01nKH2xUg==,type:str] + lastmodified: "2025-05-26T09:30:57Z" + mac: ENC[AES256_GCM,data:zkUiZeTTyquGzNcASf7AmVuRkDh29JBgrTDpGvAh7G/MZbNd2PSCjmfReXMDOj6Zfw3VtHzpZcD1dJTeGI5QkyRtmBm5nJsvmTf2/xLGepGA492VL9q3ZL83onJD4dMUQ8XsfTo4eE4ZGNj1DVkqO2QjsH8A/OGsWrwvVtq+tJM=,iv:LjLVPpARB/3oWrFugli9GzzS25zO+4MkH2+58nQTb/A=,tag:8kjlDWitAkvxc01nEheVqA==,type:str] pgp: - - created_at: "2025-05-26T09:26:56Z" + - created_at: "2025-05-26T09:30:57Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklARAAi1hB7OruAZemE/MY2dw9ZTt3IP93hUhvV0NK/1vzqACr - YmRTr80tFkayytvKU++NCSgWZ17qfqdwexPfl5g10/ge/33FSJL+2ClyvI5C6Tqm - hdSJE96ILAnURu3J2sbOcvmPrJmDEE8MA6nhVmVaJOOUmG4pBzgpmHppV7Ctuhhn - xeIdc9rwJIQ8+9gOy112WS5USxhOAS7mKMQvfQ9u+u2/HRYyOzzVzKq9ByJLnnpq - 
CVyOxAEJs4+VfX6rf3VcL+xPFUESBOQYfDK4dkBGvtsGICEiqg51LEt3hMFfEZB5 - ZiMwW92F4nLDQRzWdjgWihd+3xpQ0GujXNNmgZEIrubdR4h80WGu79w6EXmP1wvE - YimIsMrFmJ7xb81cvDwpd4WPbKP5Wu4dLZ3X2oktOhFFtC/J6jL1tfS7rysOiWFw - MghxxfDNnnvTeQRFXal0zpxOF6lU2Bo6cFneA/xpqKtn5tWeh/bDFjNoQp6bVEYM - mh5o3lEOsBUgHxz/krJhExi0yBmnM5YBNWQnag6eVavpXgDGA2dU73Rdmnp5MZeR - wB/CcysKxhe4PE3nzipFrnvWkHb/KeTicFfkPU6/7EoTjdJkoZ/gfOT7PwpwVxly - zv1/xdL4v/6YKFQXtd2fmaERHQ+gd6MjaO7uQMB1O5GvRYhq9cGKCVFKeErZv8zU - aAEJAhDUHWRd/spqIfKe1sep4glWcGiUHLA2NfH/YbFKBxb0PcSOBqpHL97wUCGO - NvQIcsTtf1pPiXvEb1SdWto2dsaK5Yl3x2MYQCsemFfz+wNWVQ84w2LaIrAtLju9 - V0GBGSbnNaZ2 - =vpRf + hQIMAxd/Yh1BfDklARAAoEqquItRSC7fQV2G9kun50AsPz6aF/KfWvTM2IcM2fev + RTnn3mZWBAZTNDLT79CpV3/JstWHTI2Rsc2vSbTCHwz/UXpueuHvmX956COQT4fd + VdiDKj8dtbmoN6RveiOl+D8qYUfQAHJcpts0xutDfPAqmJ85EVizaqpqNdTb5lbC + VjaG49Ap8f3qXiNAc406Y9PCpyCGIseZceCc2J9lUbIyMe2E0Dq49+YZguUCvfW7 + IZ0eYRiJmpbns1pEIwCMlpjApJzZGfwkgf4YiywPQGwJc4MvV1A81L0cSKgBwNiz + aDOcppP9D94oH/WrZWQFLK+zC2INUgtBnB18rRNTVQQapfY2e1LkiDCBklFbv4V1 + s5CMfZ1wLdD+Im4rc1IflTSF0t+/PfFJO+IfQjQHoWwO/lZB0pyJX5dTNEtoR+cf + jBVdENH/eJDnpWQUPUT6G604qMgS4z87tf/MBYmXUs2eu4Tnus8t8DgdYptIhxJh + c9+Znr536qNha9PKGFI4vEh+ls5rn0NuEigYxz3PRr0LxPwMfU/CvI59AXRRusU3 + 6KfjW9hCZrBqKZYO755VjA8Yd8efKVyUaBBdA20s+oe8NBEfQw/mSiMuWXEzk46M + 7OkEvipkJoM+2RdssZtECYTTUBNesWNiCLbLfnjgyw3nsSnc31GBe29m2VA7BHnU + ZgEJAhBVTnqMN4kcG2Cg9jz3wxI8KMGpYdXpM9bCRawIFd6oezFgD5gLQ6g5vJzP + R5Zclo1x1Q6EgINE2DeYXVJdguRjzdureL7K4OpIe+1JfOSRfbFeX08bveJfROMF + Hh04dNcpKQ== + =r14B -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From 2dc09f863a69a3743e4adebb91fd7e0f8f8210a4 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:34:14 +0200 Subject: [PATCH 50/94] fix: downgrade helm-chart version to still use build in actions --- apps/gitea/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index c3c6d9d..d8a3b59 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: gitea - version: "12.0.0" + version: "11.0.1" sourceRef: kind: HelmRepository name: gitea-charts From 246c3b717dd2a23ec7c7d113439bb15f11499dda Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:36:56 +0200 Subject: [PATCH 51/94] fix: use standarts for postgres --- apps/gitea/helmrelease.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index d8a3b59..dfb15d2 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -21,8 +21,8 @@ spec: enabled: true postgresql: enabled: true - auth: - existingSecret: gitea-postgres + # auth: + # existingSecret: gitea-postgres # usernameKey: postgres-user # passwordKey: postgres-password # databaseKey: postgres-db From 9a461d7711ae6549642ac6465111bba3223869a9 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:40:39 +0200 Subject: [PATCH 52/94] fix: make changes to try a fix --- apps/gitea/helmrelease.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index dfb15d2..aba3bbe 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -21,11 +21,11 @@ spec: enabled: true postgresql: enabled: true - # auth: - # existingSecret: gitea-postgres - # usernameKey: postgres-user - # passwordKey: postgres-password - # databaseKey: postgres-db + auth: + existingSecret: gitea-postgres + usernameKey: username + passwordKey: password + databaseKey: database postgresql-ha: enabled: false persistence: From 49a5a3fcc430d419b2d2a5a558a1f6bf37a35782 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Mon, 26 May 2025 11:43:46 +0200 Subject: [PATCH 53/94] fix: fix wrong indentation --- apps/gitea/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index aba3bbe..634bf2f 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -23,9 +23,9 @@ spec: enabled: true auth: existingSecret: gitea-postgres - usernameKey: username - passwordKey: password - databaseKey: database + usernameKey: username + passwordKey: password + databaseKey: database postgresql-ha: enabled: false persistence: From 3b3783aff6572272d662ee7115627a75e7aa7b5a Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:48:36 +0200 Subject: [PATCH 54/94] fix: changes values to fix deployment problems --- apps/gitea/helmrelease.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index 634bf2f..ba052f1 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -21,16 +21,12 @@ spec: enabled: true postgresql: enabled: true - auth: - existingSecret: gitea-postgres - usernameKey: username - passwordKey: password - databaseKey: database postgresql-ha: enabled: false persistence: enabled: true - existingClaim: gitea-data + size: 40GiB + storageClass: local-path ingress: enabled: true className: traefik From 377bf97825ba6ace18bdf2f0023044f162adaafe Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 11:54:01 +0200 Subject: [PATCH 55/94] fix: delete postgres secret --- apps/gitea/gitea-postgres-secret.yaml | 37 --------------------------- 1 file changed, 37 deletions(-) delete mode 100644 apps/gitea/gitea-postgres-secret.yaml diff --git a/apps/gitea/gitea-postgres-secret.yaml b/apps/gitea/gitea-postgres-secret.yaml deleted file mode 100644 index 6460874..0000000 --- a/apps/gitea/gitea-postgres-secret.yaml +++ /dev/null 
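Review bot: Removing the `auth`/`existingSecret` block in the patch 54 hunk leaves the bundled PostgreSQL on whatever credentials the chart's default values define. As far as I know the Gitea chart ships a fixed username, database and password there, so the database would run with a documented default instead of the SOPS-managed secret from patch 48. If the secret wiring was what broke the deployment, fix the key mapping rather than dropping it. With the Bitnami subchart that would be `secretKeys:` holding `adminPasswordKey` and `userPasswordKey` beside `existingSecret`. The `values` block starts and ends outside the hunk.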
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea-postgres - namespace: gitea -type: Opaque -stringData: - username: ENC[AES256_GCM,data:NZfr22Y=,iv:VMlsh9ckDu3zNGuOLMCBGcT/7vkkL1nxCn4T6LGfYZA=,tag:eNFfc8T+GsyqXaLMAmXLoA==,type:str] - password: ENC[AES256_GCM,data:6YwYO5/ySuaWeIyUP9eE/rY=,iv:7Wy8QX2Nm3GMKwFUBcbjP/aQzQoOGua+DiLLF+WRM7k=,tag:sabUpIc6HxsMSgHxFtf3DA==,type:str] - database: ENC[AES256_GCM,data:i73BvSs=,iv:TW2dAgyWhBZ75Dj0LPxZ1PZBz/8zXMlthqeXLMzYAGg=,tag:x2zUpzhMbvM/EAn6NwUHKA==,type:str] -sops: - lastmodified: "2025-05-26T09:30:57Z" - mac: ENC[AES256_GCM,data:zkUiZeTTyquGzNcASf7AmVuRkDh29JBgrTDpGvAh7G/MZbNd2PSCjmfReXMDOj6Zfw3VtHzpZcD1dJTeGI5QkyRtmBm5nJsvmTf2/xLGepGA492VL9q3ZL83onJD4dMUQ8XsfTo4eE4ZGNj1DVkqO2QjsH8A/OGsWrwvVtq+tJM=,iv:LjLVPpARB/3oWrFugli9GzzS25zO+4MkH2+58nQTb/A=,tag:8kjlDWitAkvxc01nEheVqA==,type:str] - pgp: - - created_at: "2025-05-26T09:30:57Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxd/Yh1BfDklARAAoEqquItRSC7fQV2G9kun50AsPz6aF/KfWvTM2IcM2fev - RTnn3mZWBAZTNDLT79CpV3/JstWHTI2Rsc2vSbTCHwz/UXpueuHvmX956COQT4fd - VdiDKj8dtbmoN6RveiOl+D8qYUfQAHJcpts0xutDfPAqmJ85EVizaqpqNdTb5lbC - VjaG49Ap8f3qXiNAc406Y9PCpyCGIseZceCc2J9lUbIyMe2E0Dq49+YZguUCvfW7 - IZ0eYRiJmpbns1pEIwCMlpjApJzZGfwkgf4YiywPQGwJc4MvV1A81L0cSKgBwNiz - aDOcppP9D94oH/WrZWQFLK+zC2INUgtBnB18rRNTVQQapfY2e1LkiDCBklFbv4V1 - s5CMfZ1wLdD+Im4rc1IflTSF0t+/PfFJO+IfQjQHoWwO/lZB0pyJX5dTNEtoR+cf - jBVdENH/eJDnpWQUPUT6G604qMgS4z87tf/MBYmXUs2eu4Tnus8t8DgdYptIhxJh - c9+Znr536qNha9PKGFI4vEh+ls5rn0NuEigYxz3PRr0LxPwMfU/CvI59AXRRusU3 - 6KfjW9hCZrBqKZYO755VjA8Yd8efKVyUaBBdA20s+oe8NBEfQw/mSiMuWXEzk46M - 7OkEvipkJoM+2RdssZtECYTTUBNesWNiCLbLfnjgyw3nsSnc31GBe29m2VA7BHnU - ZgEJAhBVTnqMN4kcG2Cg9jz3wxI8KMGpYdXpM9bCRawIFd6oezFgD5gLQ6g5vJzP - R5Zclo1x1Q6EgINE2DeYXVJdguRjzdureL7K4OpIe+1JfOSRfbFeX08bveJfROMF - Hh04dNcpKQ== - =r14B - -----END PGP MESSAGE----- - fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 
From 966e1bc1f5e3e61c9a41b58ef09675963529b9b9 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:08:18 +0200 Subject: [PATCH 56/94] fix: remove helmrelease for gitea to clean up cluster before redeployment --- apps/gitea/kustomization.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index 088890c..8f0fa4c 100644 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -3,8 +3,8 @@ kind: Kustomization resources: - namespace.yaml - helmrepository.yaml - - helmrelease.yaml + # - helmrelease.yaml - gitea-admin-secret.yaml - - gitea-postgres-secret.yaml - - pvc.yaml + # - gitea-postgres-secret.yaml + # - pvc.yaml - certificate.yaml From 9e525dd0359bccef53e8e1e66509e1964745cca0 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:15:32 +0200 Subject: [PATCH 57/94] fix: completly remove gitea --- apps/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 197be73..00d5a3d 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - - gitea/ + # - gitea/ From 85783484a79cf0bdd77f706bed7963eaf928b33c Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:19:19 +0200 Subject: [PATCH 58/94] fix: redeploy gitea via flux --- apps/gitea/kustomization.yaml | 2 +- apps/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml index 8f0fa4c..c81e2fd 100644 --- a/apps/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - namespace.yaml - helmrepository.yaml - # - helmrelease.yaml + - helmrelease.yaml - gitea-admin-secret.yaml # - gitea-postgres-secret.yaml # - pvc.yaml 
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 00d5a3d..197be73 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - # - gitea/ + - gitea/ From fb31e504be1a07d8fe7c9cb914ec35947a702e5f Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:32:14 +0200 Subject: [PATCH 59/94] fix: deactivate actions to deploy gitea --- apps/gitea/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index ba052f1..e85dd49 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -57,9 +57,9 @@ spec: metrics: enabled: true actions: - enabled: true + enabled: false provisioning: - enabled: true + enabled: false statefulset: actRunner: repository: gitea/act_runner @@ -71,7 +71,7 @@ spec: pullPolicy: IfNotPresent config: actions: - ENABLED: true + ENABLED: false metrics: ENABLED: true repository: From d99b3c7db227c414be804f02854a39136266ece7 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:34:55 +0200 Subject: [PATCH 60/94] fix: change volume claim size to match chart description --- apps/gitea/helmrelease.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index e85dd49..fb1f59f 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -25,7 +25,7 @@ spec: enabled: false persistence: enabled: true - size: 40GiB + size: 40Gi storageClass: local-path ingress: enabled: true @@ -57,9 +57,9 @@ spec: metrics: enabled: true actions: - enabled: false + enabled: true provisioning: - enabled: false + enabled: true statefulset: actRunner: repository: gitea/act_runner @@ -71,7 +71,7 @@ spec: pullPolicy: IfNotPresent config: actions: - ENABLED: false + ENABLED: true metrics: ENABLED: true repository: 
From 1cb27ba3e11ca4dd378ce6bb6e32d929e4e70a38 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:36:31 +0200 Subject: [PATCH 61/94] fix: try another fix --- apps/gitea/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index fb1f59f..3abdeca 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -57,9 +57,9 @@ spec: metrics: enabled: true actions: - enabled: true + enabled: false provisioning: - enabled: true + enabled: false statefulset: actRunner: repository: gitea/act_runner @@ -71,7 +71,7 @@ spec: pullPolicy: IfNotPresent config: actions: - ENABLED: true + ENABLED: false metrics: ENABLED: true repository: From eee35cb5405c59676c79fdca47724065165e7720 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 12:40:45 +0200 Subject: [PATCH 62/94] ci: activate actions and runner --- apps/gitea/helmrelease.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index 3abdeca..fb1f59f 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -57,9 +57,9 @@ spec: metrics: enabled: true actions: - enabled: false + enabled: true provisioning: - enabled: false + enabled: true statefulset: actRunner: repository: gitea/act_runner @@ -71,7 +71,7 @@ spec: pullPolicy: IfNotPresent config: actions: - ENABLED: false + ENABLED: true metrics: ENABLED: true repository: From 1017fe77130878ab418b712b1c1392ce68a9bd55 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 13:32:37 +0200 Subject: [PATCH 63/94] fix: disable provisioning for gitea runner --- apps/gitea/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index fb1f59f..8ee1daa 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml 
@@ -59,7 +59,7 @@ spec: actions: enabled: true provisioning: - enabled: true + enabled: false statefulset: actRunner: repository: gitea/act_runner From 92182d47083b632c64cea7d144ce145c19e886cf Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 13:36:49 +0200 Subject: [PATCH 64/94] fix: reanable provosioning --- apps/gitea/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/gitea/helmrelease.yaml b/apps/gitea/helmrelease.yaml index 8ee1daa..fb1f59f 100644 --- a/apps/gitea/helmrelease.yaml +++ b/apps/gitea/helmrelease.yaml @@ -59,7 +59,7 @@ spec: actions: enabled: true provisioning: - enabled: false + enabled: true statefulset: actRunner: repository: gitea/act_runner From a4e842a4e488cafb69a1b4d555cda649b7551147 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 13:38:51 +0200 Subject: [PATCH 65/94] ci: diasble gitea --- apps/kustomization.yaml | 3 ++- clusters/production/kustomization.yaml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 197be73..99becfd 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,4 +3,5 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - - gitea/ + # - gitea/ + # - forgejo/ diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index ef7921f..6e4adb3 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - cert-manager.yaml - kitchenowl.yaml - - gitea.yaml - - ocirepository.yaml + # - gitea.yaml + # - ocirepository.yaml - ../../infrastructure - ../../apps From a4b390a2cc1c18dcf9f68cc20fb9daeb3f3665a1 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Mon, 26 May 2025 13:53:17 +0200 Subject: [PATCH 66/94] ci: redeploy forgejo via flux cd (git.patanix.de, 40GiB PVC, SOPS) --- .../{forgejo_old => forgejo}/certificate.yaml | 0 apps/forgejo/forgejo-admin-secret.yaml | 37 +++++++++++++++++++ .../{forgejo_old => forgejo}/helmrelease.yaml | 13 +------ .../kustomization.yaml | 2 - apps/{forgejo_old => forgejo}/namespace.yaml | 0 apps/forgejo_old/forgejo-admin-secret.yaml | 37 ------------------- apps/forgejo_old/forgejo-postgres-secret.yaml | 37 ------------------- apps/forgejo_old/pvc.yaml | 12 ------ apps/kustomization.yaml | 3 +- clusters/production/kustomization.yaml | 4 +- .../ocirepositories/forgejo.yaml | 6 ++- 11 files changed, 46 insertions(+), 105 deletions(-) rename apps/{forgejo_old => forgejo}/certificate.yaml (100%) create mode 100644 apps/forgejo/forgejo-admin-secret.yaml rename apps/{forgejo_old => forgejo}/helmrelease.yaml (75%) rename apps/{forgejo_old => forgejo}/kustomization.yaml (78%) rename apps/{forgejo_old => forgejo}/namespace.yaml (100%) delete mode 100644 apps/forgejo_old/forgejo-admin-secret.yaml delete mode 100644 apps/forgejo_old/forgejo-postgres-secret.yaml delete mode 100644 apps/forgejo_old/pvc.yaml rename apps/forgejo_old/helmrepository.yaml => infrastructure/ocirepositories/forgejo.yaml (53%) diff --git a/apps/forgejo_old/certificate.yaml b/apps/forgejo/certificate.yaml similarity index 100% rename from apps/forgejo_old/certificate.yaml rename to apps/forgejo/certificate.yaml diff --git a/apps/forgejo/forgejo-admin-secret.yaml b/apps/forgejo/forgejo-admin-secret.yaml new file mode 100644 index 0000000..5555a93 --- /dev/null +++ b/apps/forgejo/forgejo-admin-secret.yaml 
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: forgejo-admin + namespace: forgejo +type: Opaque +stringData: + username: ENC[AES256_GCM,data:5U+NQFI=,iv:Hy4WQ1iSSDGY1/hZeqvUlUmbH2DzrFaIMRXHhPFFNao=,tag:ssIQ38hN5dqBamzKfqOntA==,type:str] + email: ENC[AES256_GCM,data:TkA4de0xPhpa6vNh8yqgUDxpTiFnQjbVcg==,iv:BCrKyx52wvCdXXKPDqQpCEt5LL3pe13MAb0SBx4cU2E=,tag:lnjjPIxSOMgqrhAeFCqI/w==,type:str] + password: ENC[AES256_GCM,data:m+UcNRE/KjJuZn4=,iv:FHE0gAQo+jJluWyjhDcxqKfxKsh2+MNCnU0oCBZJ15M=,tag:3TBBB9N4l1CkQPovPGzXNw==,type:str] +sops: + lastmodified: "2025-05-26T11:50:42Z" + mac: ENC[AES256_GCM,data:QCmUknliiOFBXfVNzYNjdtHMG+ZNC9WyQT7Q6+zhJAeFr2CbpsMmlqHFuKj68c7zlty6ZZpc58ZVMnp6l29n9YTPNKjNlIbtkVYcd3SPnAEOiiYXyxymJdPjWmRwi1XxsfVPkG8Vb0psWtRuHgJxpDsGWEPFMDw9B2pyRITBPEw=,iv:YsX7bSb5Exzb1fs/ZfVQiz5yFUkL1YDTag+1zHSYUk8=,tag:PR3/N9QdJ1X++6Og6FLWLQ==,type:str] + pgp: + - created_at: "2025-05-26T11:50:42Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklARAAk/2MvtyJYevYh6DMMdOlj+KwjAifju/T1a9/yEdVZEOA + 8EC+zq49NIIkrpw3vy18TMSg0Sp4jDUatIjN06zrmPZp6p5x26VDjOcuNiyZIgp+ + 6IFs2yvPk7rqExC/4eOK3BS7YWcBPTrhFCMBLaeWOi+Ku1qmTmPNufogUp7/RcHF + Sk9lqtiGcGvV7nQs+SXakgxnI019AJ5y3DBkACJwLaTBZaCc8ebCVJpuBhQpBuql + ArtL7l8FEf5Yy8WZny9agK+sRZc3LugFS+XVlVKzfY53tPIanwYqdFQbXCAcKXXp + zAqR6f15+lpCIKjoPbBgrmun+OtyGHfFelaQFnLQwefAUFiS2lGlukgHdC8B9yjk + iw6uCM3NPAdtzDoHlE5AdkauXF2vfW0yvnaCOzh3ogsMsQG9VbcRXQUXx2SUW+2r + BNJUaiGnRMoMFjsms6TSY7EMFT7dnyRGOlhFZLocEDBzfjsCvvuvuOoyrw1gTiJw + tgT685+Su80qbtTrfWGx7tewhFn/ERklgLFWa3WrJxXmfajpI4ksardtB5EclnMb + b9uV95WroK5C3IbE2q8y2qpt51tizUZCMYHNOr0XdBGgkwkMtPRAdTnXABaiBgfk + dNOHL1sMngT7tfVuazPPV5KuCYJ47aKFNjTq7PyDkU+Y/5xqa2yOGn43wSjJXJ7U + aAEJAhDXjJgiE9z5Fms0y1Q6PJzZB40EKyOYidhV64YqOeNMb4rEwsr41t+jo5EY + x0HAkWPxAtcLGHn31jZtwGN0sMyHQ8wMjNFaGzIOFaLYHGB5mHWKcKPgItMp3rDR + 5DZ8W+sMt4Df + =OK0Y + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 
diff --git a/apps/forgejo_old/helmrelease.yaml b/apps/forgejo/helmrelease.yaml similarity index 75% rename from apps/forgejo_old/helmrelease.yaml rename to apps/forgejo/helmrelease.yaml index 9dcab82..13ee71d 100644 --- a/apps/forgejo_old/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -12,7 +12,8 @@ spec: values: persistence: enabled: true - claimName: forgejo-data + size: 40Gi + storageClass: local-path ingress: enabled: true className: traefik @@ -40,13 +41,3 @@ spec: enabled: false postgresql: enabled: true - auth: - existingSecret: forgejo-postgres - usernameKey: username - passwordKey: password - databaseKey: database - primary: - persistence: - enabled: true - storageClass: local-path - size: 8Gi diff --git a/apps/forgejo_old/kustomization.yaml b/apps/forgejo/kustomization.yaml similarity index 78% rename from apps/forgejo_old/kustomization.yaml rename to apps/forgejo/kustomization.yaml index 4497ef3..9d94b3d 100644 --- a/apps/forgejo_old/kustomization.yaml +++ b/apps/forgejo/kustomization.yaml @@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - pvc.yaml - forgejo-admin-secret.yaml - - forgejo-postgres-secret.yaml - helmrelease.yaml - certificate.yaml diff --git a/apps/forgejo_old/namespace.yaml b/apps/forgejo/namespace.yaml similarity index 100% rename from apps/forgejo_old/namespace.yaml rename to apps/forgejo/namespace.yaml diff --git a/apps/forgejo_old/forgejo-admin-secret.yaml b/apps/forgejo_old/forgejo-admin-secret.yaml deleted file mode 100644 index eaff096..0000000 --- a/apps/forgejo_old/forgejo-admin-secret.yaml +++ /dev/null 
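Review bot: The second hunk of apps/forgejo/helmrelease.yaml removes `postgresql.auth.existingSecret` but keeps `postgresql: enabled: true`, so the bundled database no longer takes its credentials from a SOPS-managed Secret. Unless they are set somewhere not visible here, the subchart presumably falls back to the chart's defaults, which should not be relied on for a forge that is reachable through the ingress. I would keep the `forgejo-postgres` Secret and the `auth:` block, or add a comment saying where the credentials now come from. The first hunk also replaces `claimName: forgejo-data` with a chart-managed claim while `pvc.yaml` is deleted, so existing repository and database data is presumably not carried over; confirm this before the prune runs.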
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: forgejo-admin - namespace: forgejo -type: Opaque -stringData: - username: ENC[AES256_GCM,data:fMYot9k=,iv:pYWAXZJwbeGkVYqkkCwy+mt2+C/nV0htJTLElbCsC9w=,tag:uHCY5wXI2Hw5evHmLvjGGA==,type:str] - email: ENC[AES256_GCM,data:qmtRbInJDiFatiZ9/+UfqzLThgEAZHXG+g==,iv:jLL8HQOlp26DucUd6926FiddgdXAgPlRg0Bh/TYSFGg=,tag:jFwn/W4yim/FAS8Inh0/fw==,type:str] - password: ENC[AES256_GCM,data:/H3kA+soznxZAME=,iv:pCtsO6HWYXYu7hbhQw+8dnHbBztmsQc2jDfMztZMY/g=,tag:4eUxzfwuBOF3fG3dUqMPkw==,type:str] -sops: - lastmodified: "2025-05-26T05:35:31Z" - mac: ENC[AES256_GCM,data:P1dvbZRm3YtrV1Xj8WuvTVWbmyaj3Grejlrs8QqmNawFyetAQo0by0iGsYvWzPhTbLbrK6GS/WOfc+hW85asRuresXDaJCzfuYcJX0wav5z4P5hrTDZDV/Mi1jgZ3v75ZVHqTqV7m0kCY0tgRCDyGL0FKi9gqLO2SPjPgMUKCHM=,iv:BARvvC59BgmghzunnihyVIiNenA+hd0k8XRh5H7QL9c=,tag:E05gPL7F+RfMyFX1qUrpog==,type:str] - pgp: - - created_at: "2025-05-26T05:35:31Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxd/Yh1BfDklAQ//QOjSRd8bXDBaiCel1n5BnudTkPcZuHNeR0HQtAVG4eHh - FT32Zq18mdaIDyLFuDHbyERICBZFs4d/JuXOblbmg2FvIUhR4a/egiaAGSdu6kqZ - VUYmDZyVkE2pdHb47wKazzQ6/QVQ3LTWDBMOMCS2svMrVcMskw6qAVT3nqTXWTT0 - P6qwCCbNF+SMtn6K8QR8ihbF0nbjvVgafyKVFU/jmagu4P9th2nhpeePpc0HXAii - +PnTi88TJ/OH0qPtZsqP90WICQkJ9IbHKH7cNf/Q4qn2K2KtfgUZJJJLDuqDwsKL - 4h34T3U+QOZUVgmEeyfGAvgVN95sIvnXjcab0TTtZCajjTy4RvjJ19x3iRYKEMwW - vAsuztDUFb7PYk2xOxCQHUf8eZVKL4immIIkQ5+ERKGGjV3lWakeiVfIGjqHy3U3 - I1tEpQ+fT/aQGx7UyIeu1Aa/s9yhBWwpcwddXG5P52f2CagzjqvIE+qFKtrDyyUm - PR1/dIi1lhbCkMMr9q93y06xOLvxgvWedV4prtOCQnsadbZoCFOgGJFrAXZ3nQmo - iu5UG4cZU29kuN4GLItXpowusLXXquGH9lXF0MKrDIyOhf3k9b1DNoF1Vir2K7jg - +XkN+T2n+GfOswp4WJx7am2P/jK0/4WuwWhCq+t/I80u/jKuttytKqXrZ+nHBanU - aAEJAhDihxbI/EkSjsK7yMXrF2oA/s8eRSrh9t3FtdbkSLPPjp2pNR80CrcBW1+5 - 74S1hKyv637XyIDdG61ELiJ0Rz6YolshZo2g37+Y7udX0F9exVZX5GcosEpWzjzE - UCRfv3bJp/E4 - =oQ/p - -----END PGP MESSAGE----- - fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 
diff --git a/apps/forgejo_old/forgejo-postgres-secret.yaml b/apps/forgejo_old/forgejo-postgres-secret.yaml deleted file mode 100644 index f7944ce..0000000 --- a/apps/forgejo_old/forgejo-postgres-secret.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: forgejo-postgres - namespace: forgejo -type: Opaque -stringData: - username: ENC[AES256_GCM,data:SrsQroRI4Q==,iv:60++AtrrZQg276MWhkMNSRvUKZt9sSNdEsN4XLxYs9A=,tag:wEaLWyRuzubtwIL8nREMag==,type:str] - password: ENC[AES256_GCM,data:1sztMSfu3eUHGrgd7e1y/J43iA==,iv:03exRVv/gtUtT7LhtFddABcfqcAPzq5dp+BjMdhkcNw=,tag:kOfD4z2RZ8He+M7qTTolbA==,type:str] - database: ENC[AES256_GCM,data:sfHkbJou7g==,iv:8lAo1twQaK49im+aPf6MUCkO1b9dhEK2fqV36nUl4pA=,tag:Dio2jAtTN6tr22GB6SmsjA==,type:str] -sops: - lastmodified: "2025-05-26T06:41:42Z" - mac: ENC[AES256_GCM,data:SbXg8wCo/FYUF+yZyq5L27ZdKwlT9B1KlJF7ZDGZw3X2IEJ6LaEba7ZD02Vz51x9Ii9l1pUjk5dkn3R63tnd0NLvvN3VbVgGU26C25VBV5wETQLHmiPnNhyhfWV1IKJ1DheN4b16QaEaRx1Ul2PFzeRMoVHnHVc/tJE1CDZfcqE=,iv:CjJAqZIj5xVOMZxsSL/JfiiJyU9Ho5dNilseQtvr5fM=,tag:21sK5zO6z8uEP8LyDmyWbw==,type:str] - pgp: - - created_at: "2025-05-26T06:41:42Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxd/Yh1BfDklAQ/8CCD+vpiYa48qNhWsBOwRvxaXYjbR7UC2vKvZmWKpLm4i - v30/t2MsPMcbxzYuvzNJPvuyz5ItHahimdnYGfBPx3RK0I77s5pRHCnMi/tArdjF - gidZEhk4XtGIvpqiMgrjKLmJrGxINeBXjoAW0WQJdaiFFfVZkTnm5iKQfd+AYXZ3 - DHQw5prU8xQPLpMz7BqOxw9XtsVWdlDJ258Kv3+rTW7ddUB2seawA/PiLCr2sMEV - iruz69ivHQvX+vc5EKOlzWUIQBeVrP5qYdisx6LBspxcxOXTil/mN4bXNsjSolJ4 - iR3z4B+bM2APgrri8UT3Lmg44TmhfvTtZ9YGl7OqMmY0e7hPHFsWCF1WMNo7XQ6q - tJtgHNTu0+HPWF21a5u0ZqqDEaqU6vvZUnVvSv7f5RvqP6TGUI71uP3C4SddE+kJ - do+g2KxHy63Orc30eReja9aDiBFaJwhfFtZAT2/1+y1sFG2FMS+2d50O+OdEBE1j - RRHV+bXgCk9eLaXSGFlbLF/Ck/jRrg+USRg9/wr5sy7JugVaVMBdmtqw1Ndf6ALj - ozrJ9VaDlL4tiICnFY9rKF7dRfodcZjlmvjsoc8wU5tE0TTSQsmk0i+d09q23C8C - Cd26E6NzaxZYPsD7NFYhxoSTggfsjwGxxKhvdtkpkfoe8wn7YhrKQqFXViipSXTU - aAEJAhC7KIYN6CQ2Gsppjk4z5JwtPQ1dWbMX02vXjKA4xiThOP3nw5mXYmODY8l7 - 3DYGMrNyixXnRsxhCRg8B+68h/wq6yoR6MhPogJBEthRY+ABnUI1fOI5Ba1/akSU - 83ka8/BfPZdu - =LoCO - -----END PGP MESSAGE----- - fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 
diff --git a/apps/forgejo_old/pvc.yaml b/apps/forgejo_old/pvc.yaml deleted file mode 100644 index 8f8f506..0000000 --- a/apps/forgejo_old/pvc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: forgejo-data - namespace: forgejo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 40Gi - storageClassName: local-path diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 99becfd..1bed5d0 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,5 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - # - gitea/ - # - forgejo/ + - forgejo/ diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 6e4adb3..2488197 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - cert-manager.yaml - kitchenowl.yaml - # - gitea.yaml - # - ocirepository.yaml + - forgejo.yaml + - ocirepository.yaml - ../../infrastructure - ../../apps diff --git a/apps/forgejo_old/helmrepository.yaml b/infrastructure/ocirepositories/forgejo.yaml similarity index 53% rename from apps/forgejo_old/helmrepository.yaml rename to infrastructure/ocirepositories/forgejo.yaml index 12a7f23..cf40613 100644 --- a/apps/forgejo_old/helmrepository.yaml +++ b/infrastructure/ocirepositories/forgejo.yaml @@ -1,8 +1,10 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository +kind: OCIRepository metadata: name: forgejo namespace: flux-system spec: interval: 30m - url: https://codeberg.org/forgejo-contrib/forgejo-helm/raw/branch/main/charts/ + url: oci://code.forgejo.org/forgejo-helm/forgejo + ref: + tag: "12.5.1" From 99fc340efc53c563af620ef54b41c2719c8885eb Mon Sep 17 00:00:00 2001 
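Review bot: The new `OCIRepository` in infrastructure/ocirepositories/forgejo.yaml pins the chart only by `tag: "12.5.1"`, and a tag can be re-pointed by whoever controls the registry. Flux deploys this chart without a human in the loop, so I would add a digest pin next to the tag under `ref:` (placeholder: `digest: sha256:<chart-digest>`). A `spec.verify` block would add signature checking if the publisher signs its charts. A one-line comment above `ref:` naming the upstream release the version was taken from would also help the next upgrade.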
From: Patryk Hegenberg Date: Mon, 26 May 2025 14:40:31 +0200 Subject: [PATCH 67/94] ci: deploy forgejo runner with flux cd --- apps/forgejo-runner/helmrelease.yaml | 27 ++++++++++++++ apps/forgejo-runner/kustomization.yaml | 5 +++ apps/forgejo-runner/runner-secret.yaml | 35 +++++++++++++++++++ apps/kustomization.yaml | 1 + clusters/production/forgejo-runner.yaml | 16 +++++++++ clusters/production/kustomization.yaml | 1 + .../ocirepositories/forgejo-runner.yaml | 8 +++++ 7 files changed, 93 insertions(+) create mode 100644 apps/forgejo-runner/helmrelease.yaml create mode 100644 apps/forgejo-runner/kustomization.yaml create mode 100644 apps/forgejo-runner/runner-secret.yaml create mode 100644 clusters/production/forgejo-runner.yaml create mode 100644 infrastructure/ocirepositories/forgejo-runner.yaml diff --git a/apps/forgejo-runner/helmrelease.yaml b/apps/forgejo-runner/helmrelease.yaml new file mode 100644 index 0000000..f0969de --- /dev/null +++ b/apps/forgejo-runner/helmrelease.yaml @@ -0,0 +1,27 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: forgejo-runner + namespace: forgejo +spec: + interval: 15m + chart: + spec: + chart: forgejo-runner + version: "0.4.28" + sourceRef: + kind: OCIRepository + name: forgejo-runner + namespace: flux-system + values: + forgejo: + url: "https://git.patanix.de" + tokenSecretName: forgejo-runner-token + dind: + enabled: true + # Optional: Runner-Name, Labels, Ressourcen etc. + # name: "my-runner" + # labels: + # - "docker" + # - "k8s" + diff --git a/apps/forgejo-runner/kustomization.yaml b/apps/forgejo-runner/kustomization.yaml new file mode 100644 index 0000000..f2dd991 --- /dev/null +++ b/apps/forgejo-runner/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - runner-secret.yaml + - helmrelease.yaml 
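Review bot: `dind: enabled: true` in apps/forgejo-runner/helmrelease.yaml places a Docker daemon next to the runner, which normally needs a privileged container. The release also goes into `namespace: forgejo`, the namespace that holds the `forgejo-admin` Secret. CI jobs execute repository-supplied code, so the runner is the least trusted workload in this change. I would give it its own namespace (for example `namespace: forgejo-runner`) with a NetworkPolicy, and add a comment stating why dind is required. Separately, `chart.spec.sourceRef.kind: OCIRepository` is, as far as I know, only accepted through `spec.chartRef`, so this release is unlikely to reconcile as written.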
diff --git a/apps/forgejo-runner/runner-secret.yaml b/apps/forgejo-runner/runner-secret.yaml new file mode 100644 index 0000000..378fb33 --- /dev/null +++ b/apps/forgejo-runner/runner-secret.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Secret +metadata: + name: forgejo-runner-token + namespace: forgejo +type: Opaque +stringData: + token: ENC[AES256_GCM,data:uwGkYaziWJ9pNPR2LuEr7+yWU+b2Jp6YnXPDbV8TEyjC/NegAvcfhQ==,iv:Fou5Z/ZjINmQgFIFCoMeHoDP8O6kAzZs/ZrRdttaVzA=,tag:oaM95SQ/NAq6T9CLIqtsCQ==,type:str] +sops: + lastmodified: "2025-05-26T12:30:10Z" + mac: ENC[AES256_GCM,data:KyZi4zu9fUFtyGsxEhS7I2nWEL8eRggczeKyAAstTdfiXSTeyGFFWhu6u5MbtobqYsoSrxc5UbYNJKj8LEIEZtW5cfHgFcebkFu9LSKfgkqTbyJUqivurmXPxYrN/03N/xYvCK5yNA3hLJ1VG9UBTIxduGnfEah4gy079Z5z8H0=,iv:otP6yM2s/DeLZ/kH4I1Vct4cJ2fpl3A2qD0K6MNMSKE=,tag:kA6fKLWKYkbILxfG7q5JUQ==,type:str] + pgp: + - created_at: "2025-05-26T12:30:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklAQ/+IxTzk0xWdqnDbi13ymMGmyog2Z+cdfLtDqLN8A/bLPiL + EBtU8y2GOGJSWz28fXkTWSgXk7OqW2C8vGQ3EQTat88IDhnU0u+k6qSOb8QlpPD+ + hR/+EJOw9mlu/BCrja+Qv0uLa9z/jkTispWfZBdnPOzgqwRySk7X2pQcbzwubHLB + vRUvkznN5maOA4hBB2vjK8D5C3d8C3C6uwmq14SVRY1RAwGbq1q/OYgdGb8/QurQ + Ob5zRVWs35DFoAH4DxCro0pAwgBbTs+sXjFuTNo0aLoxHoMGV0511VC+biZDUWVp + qqT6jHbscQqRJqg2NFL5vAWn/mKsL3qTqeVhatHUraS/WNe8vA/brQxRbI8r+Sdh + /uGKtvIyKfUSTeNAXotOGiQCHlp98icRNemV1vFNS3Uq6qw4Pd5qomyPODv+3za2 + Sk0l1gWxwF2MOdbaf8tTJyXrXjN1RQsL9C68DUVdPggqVoD01euIrej6Obo/u9wq + qQXD7XtfsP2AjUvEwpXJnxVhn5Az5ZIEzmyyxzGpduojPTCxOPNwWIzS6IJmxd+L + tKgSePkFsL32SRM2l1ZSV58bUePkT1QArndyG6+kZnTZCyLz7lCuq/ETIyj6yMpV + b3ICKCwssEiAZAwG/+cYDIjUuvKt4wLNCFHAdqeDI38W+zrN4KNe291PnuxZEenU + aAEJAhCbe3AToXHZr8YvDbylOyk6egwQ+or7ofWANh3pjoF8Sk1Bo3d6Uch8bYsn + Pg1Ft4j9df4Yp5AKlRu3cdmsrm1MTkpsD0hIBqoQDEcsIiaHXFG7fwftPtES80vO + NsfThf7f4T/o + =4A1/ + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 1bed5d0..7928324 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -4,3 +4,4 @@ resources: - home-assistant/ - kitchenowl/ - forgejo/ + - forgejo-runner/ diff --git a/clusters/production/forgejo-runner.yaml b/clusters/production/forgejo-runner.yaml new file mode 100644 index 0000000..3d27676 --- /dev/null +++ b/clusters/production/forgejo-runner.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: forgejo + namespace: flux-system +spec: + interval: 10m + path: ../../apps/forgejo-runner + prune: true + sourceRef: + kind: GitRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-gpg diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 2488197..d31dc1e 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -4,6 +4,7 @@ resources: - cert-manager.yaml - kitchenowl.yaml - forgejo.yaml + - forgejo-runner.yaml - ocirepository.yaml - ../../infrastructure - ../../apps diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml new file mode 100644 index 0000000..8521b64 --- /dev/null +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: forgejo-runner + namespace: flux-system +spec: + interval: 30m + url: oci://codeberg.org/wrenix/helm-charts From 6c8d4132b2f554a3f18a44944adda5dfbf142ef1 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 14:47:59 +0200 Subject: [PATCH 68/94] fix: add missing version to fogejo-runner --- apps/forgejo-runner/helmrelease.yaml | 12 ++++-------- infrastructure/ocirepositories/forgejo-runner.yaml | 1 + 2 files changed, 5 insertions(+), 8 deletions(-) 
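Review bot: The Flux `Kustomization` added in clusters/production/forgejo-runner.yaml is named `forgejo`, which looks like the name already used for the forge itself (clusters/production/forgejo.yaml is not visible here). With `prune: true`, two objects of the same name in `flux-system` would overwrite each other and the overwritten one's resources could be garbage-collected; `name: forgejo-runner` avoids that. The same commit adds `forgejo-runner/` to apps/kustomization.yaml, and clusters/production/kustomization.yaml lists `../../apps`, so the SOPS-encrypted `runner-secret.yaml` is presumably also rendered by the parent Kustomization. If that parent has no `decryption:` block the Secret would not reconcile there, so the directory should be owned by exactly one of the two.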
diff --git a/apps/forgejo-runner/helmrelease.yaml b/apps/forgejo-runner/helmrelease.yaml index f0969de..1452147 100644 --- a/apps/forgejo-runner/helmrelease.yaml +++ b/apps/forgejo-runner/helmrelease.yaml @@ -5,14 +5,10 @@ metadata: namespace: forgejo spec: interval: 15m - chart: - spec: - chart: forgejo-runner - version: "0.4.28" - sourceRef: - kind: OCIRepository - name: forgejo-runner - namespace: flux-system + chartRef: + kind: OCIRepository + name: forgejo-runner + namespace: flux-system values: forgejo: url: "https://git.patanix.de" diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index 8521b64..4d64401 100644 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -6,3 +6,4 @@ metadata: spec: interval: 30m url: oci://codeberg.org/wrenix/helm-charts + ref: "0.4.28" From d0d4e0ab1c407c04f0de0dfc56ff39a0dda1fbfe Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 14:59:36 +0200 Subject: [PATCH 69/94] fix: change config for runner to enable deployment --- apps/forgejo-runner/helmrelease.yaml | 12 ++++++++---- infrastructure/ocirepositories/forgejo-runner.yaml | 1 - 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/apps/forgejo-runner/helmrelease.yaml b/apps/forgejo-runner/helmrelease.yaml index 1452147..f0969de 100644 --- a/apps/forgejo-runner/helmrelease.yaml +++ b/apps/forgejo-runner/helmrelease.yaml @@ -5,10 +5,14 @@ metadata: namespace: forgejo spec: interval: 15m - chartRef: - kind: OCIRepository - name: forgejo-runner - namespace: flux-system + chart: + spec: + chart: forgejo-runner + version: "0.4.28" + sourceRef: + kind: OCIRepository + name: forgejo-runner + namespace: flux-system values: forgejo: url: "https://git.patanix.de" diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index 4d64401..8521b64 100644 
--- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -6,4 +6,3 @@ metadata: spec: interval: 30m url: oci://codeberg.org/wrenix/helm-charts - ref: "0.4.28" From 1773f035cafa8259e45dcc226f015f581ef74a64 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:06:20 +0200 Subject: [PATCH 70/94] fix: add namespace to forgejo-runner --- apps/forgejo-runner/kustomization.yaml | 1 + apps/forgejo-runner/namespace.yaml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 apps/forgejo-runner/namespace.yaml diff --git a/apps/forgejo-runner/kustomization.yaml b/apps/forgejo-runner/kustomization.yaml index f2dd991..1ff728d 100644 --- a/apps/forgejo-runner/kustomization.yaml +++ b/apps/forgejo-runner/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yaml - runner-secret.yaml - helmrelease.yaml diff --git a/apps/forgejo-runner/namespace.yaml b/apps/forgejo-runner/namespace.yaml new file mode 100644 index 0000000..bcd886c --- /dev/null +++ b/apps/forgejo-runner/namespace.yaml @@ -0,0 +1,5 @@ +# namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + name: forgejo From 0b9e3cf0d271b47b468dfc62da252d5786e7b7d6 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:08:40 +0200 Subject: [PATCH 71/94] fix: add tag to runner ocirepo --- infrastructure/ocirepositories/forgejo-runner.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index 8521b64..4f17b44 100644 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -6,3 +6,5 @@ metadata: spec: interval: 30m url: oci://codeberg.org/wrenix/helm-charts + ref: + tag: "0.4.28" From be5a71bc3d88d4aab50293c54ab9aa42365ba432 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Mon, 26 May 2025 15:11:47 +0200 Subject: [PATCH 72/94] fix: add missing path to repo --- infrastructure/ocirepositories/forgejo-runner.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index 4f17b44..e18f73a 100644 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -5,6 +5,6 @@ metadata: namespace: flux-system spec: interval: 30m - url: oci://codeberg.org/wrenix/helm-charts + url: oci://codeberg.org/wrenix/helm-charts/forgejo-runner ref: tag: "0.4.28" From d62b0cc464d4edbfe7657afe415efd3626e8c527 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:33:54 +0200 Subject: [PATCH 73/94] fix: change config to fix errors --- apps/forgejo-runner/helmrelease.yaml | 12 ++++-------- infrastructure/ocirepositories/forgejo-runner.yaml | 1 + 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/apps/forgejo-runner/helmrelease.yaml b/apps/forgejo-runner/helmrelease.yaml index f0969de..1452147 100644 --- a/apps/forgejo-runner/helmrelease.yaml +++ b/apps/forgejo-runner/helmrelease.yaml @@ -5,14 +5,10 @@ metadata: namespace: forgejo spec: interval: 15m - chart: - spec: - chart: forgejo-runner - version: "0.4.28" - sourceRef: - kind: OCIRepository - name: forgejo-runner - namespace: flux-system + chartRef: + kind: OCIRepository + name: forgejo-runner + namespace: flux-system values: forgejo: url: "https://git.patanix.de" diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index e18f73a..96b666f 100644 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml 
@@ -5,6 +5,7 @@ metadata: namespace: flux-system spec: interval: 30m + provider: generic url: oci://codeberg.org/wrenix/helm-charts/forgejo-runner ref: tag: "0.4.28" From b60d9de6a28b4784bd61c8815dfe90949c1aa302 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:36:56 +0200 Subject: [PATCH 74/94] fix: another try --- infrastructure/ocirepositories/forgejo-runner.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml index 96b666f..a1b6bb3 100644 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ b/infrastructure/ocirepositories/forgejo-runner.yaml @@ -8,4 +8,4 @@ spec: provider: generic url: oci://codeberg.org/wrenix/helm-charts/forgejo-runner ref: - tag: "0.4.28" + tag: 0.4.28 From 5e766fe3688084e7a4d41c83154e3e06334925f8 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:47:44 +0200 Subject: [PATCH 75/94] fix: try fixing the issue by ussing a deployment.yaml --- apps/forgejo-runner/deployment.yaml | 74 ++++++++++++++++++++++++++++ apps/forgejo-runner/helmrelease.yaml | 23 --------- 2 files changed, 74 insertions(+), 23 deletions(-) create mode 100644 apps/forgejo-runner/deployment.yaml delete mode 100644 apps/forgejo-runner/helmrelease.yaml diff --git a/apps/forgejo-runner/deployment.yaml b/apps/forgejo-runner/deployment.yaml new file mode 100644 index 0000000..56b87ee --- /dev/null +++ b/apps/forgejo-runner/deployment.yaml 
@@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: forgejo-runner + namespace: forgejo + labels: + app: forgejo-runner +spec: + replicas: 1 + selector: + matchLabels: + app: forgejo-runner + template: + metadata: + labels: + app: forgejo-runner + spec: + restartPolicy: Always + volumes: + - name: docker-certs + emptyDir: {} + - name: runner-data + emptyDir: {} + initContainers: + - name: runner-config-generation + image: code.forgejo.org/forgejo/runner:3.0.0 + command: + [ + "sh", + "-c", + "forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect" + ] + env: + - name: RUNNER_SECRET + valueFrom: + secretKeyRef: + name: forgejo-runner-token + key: token + - name: FORGEJO_INSTANCE_URL + value: https://git.patanix.de + volumeMounts: + - name: runner-data + mountPath: /data + containers: + - name: runner + image: code.forgejo.org/forgejo/runner:3.0.0 + command: + [ + "sh", + "-c", + "while ! nc -z localhost 2376 Date: Mon, 26 May 2025 15:54:02 +0200 Subject: [PATCH 76/94] fix: add deployment tot kustomization --- apps/forgejo-runner/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/forgejo-runner/kustomization.yaml b/apps/forgejo-runner/kustomization.yaml index 1ff728d..be7ea08 100644 --- a/apps/forgejo-runner/kustomization.yaml +++ b/apps/forgejo-runner/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - namespace.yaml - runner-secret.yaml - - helmrelease.yaml + - deployment.yaml From e78d1fdc901f7cbdb439e7a5ed91c1b0204f9d30 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 15:57:30 +0200 Subject: [PATCH 77/94] fix: remove ocirepo for runner --- infrastructure/ocirepositories/forgejo-runner.yaml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 infrastructure/ocirepositories/forgejo-runner.yaml 
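Review bot: The init container in apps/forgejo-runner/deployment.yaml expands the registration secret on the command line, `--secret $RUNNER_SECRET`, unquoted inside `sh -c`. The value therefore appears in the process arguments and is subject to word splitting; at minimum the expansion should be quoted. Both containers reference `code.forgejo.org/forgejo/runner:3.0.0` by tag only, so a digest pin would make the rollout reproducible. `runner-data` is an `emptyDir`, so the runner file is regenerated on every pod start; a comment saying this is intended would help. The rest of the manifest, including the dind sidecar that the `nc -z localhost 2376` wait loop implies, is cut off on this page, so its `securityContext` could not be reviewed.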
diff --git a/infrastructure/ocirepositories/forgejo-runner.yaml b/infrastructure/ocirepositories/forgejo-runner.yaml deleted file mode 100644 index a1b6bb3..0000000 --- a/infrastructure/ocirepositories/forgejo-runner.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: OCIRepository -metadata: - name: forgejo-runner - namespace: flux-system -spec: - interval: 30m - provider: generic - url: oci://codeberg.org/wrenix/helm-charts/forgejo-runner - ref: - tag: 0.4.28 From 9444c1e042818d3ae8d2eeef76576831e887b006 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:02:43 +0200 Subject: [PATCH 78/94] fix: and the next try --- .../{forgejo-runner.yaml => forgejo-runner-sops.yaml} | 0 clusters/production/kustomization.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename clusters/production/{forgejo-runner.yaml => forgejo-runner-sops.yaml} (100%) diff --git a/clusters/production/forgejo-runner.yaml b/clusters/production/forgejo-runner-sops.yaml similarity index 100% rename from clusters/production/forgejo-runner.yaml rename to clusters/production/forgejo-runner-sops.yaml diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index d31dc1e..5bfd85f 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -4,7 +4,7 @@ resources: - cert-manager.yaml - kitchenowl.yaml - forgejo.yaml - - forgejo-runner.yaml + - forgejo-runner-sops.yaml - ocirepository.yaml - ../../infrastructure - ../../apps From 5b166b5654c5a1b0912ed0885ee75527541ff67a Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:06:27 +0200 Subject: [PATCH 79/94] fix: and another one --- .../{forgejo-runner-sops.yaml => forgejo-runner.yaml} | 0 clusters/production/kustomization.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename clusters/production/{forgejo-runner-sops.yaml => forgejo-runner.yaml} (100%) 
diff --git a/clusters/production/forgejo-runner-sops.yaml b/clusters/production/forgejo-runner.yaml similarity index 100% rename from clusters/production/forgejo-runner-sops.yaml rename to clusters/production/forgejo-runner.yaml diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 5bfd85f..3072450 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -4,7 +4,7 @@ resources: - cert-manager.yaml - kitchenowl.yaml - forgejo.yaml - - forgejo-runner-sops.yaml + # - forgejo-runner-sops.yaml - ocirepository.yaml - ../../infrastructure - ../../apps From cac970d0df33f1fa08b2c4a93d3314dfeb2ff02d Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:07:31 +0200 Subject: [PATCH 80/94] fix: and another one --- apps/forgejo-runner/namespace.yaml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 apps/forgejo-runner/namespace.yaml diff --git a/apps/forgejo-runner/namespace.yaml b/apps/forgejo-runner/namespace.yaml deleted file mode 100644 index bcd886c..0000000 --- a/apps/forgejo-runner/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: forgejo From 585f5df540f5d90edd4b8ab3b507136119a249b6 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:08:29 +0200 Subject: [PATCH 81/94] fix: the next one --- apps/forgejo-runner/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/forgejo-runner/kustomization.yaml b/apps/forgejo-runner/kustomization.yaml index be7ea08..48500e1 100644 --- a/apps/forgejo-runner/kustomization.yaml +++ b/apps/forgejo-runner/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - runner-secret.yaml - deployment.yaml From a7aea65e8fb57e7393ac52bae4ba60a5960aa3e6 Mon Sep 17 00:00:00 2001 
From: Patryk Hegenberg Date: Mon, 26 May 2025 16:14:40 +0200 Subject: [PATCH 82/94] fix: readd forgejo-runner.yaml --- clusters/production/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 3072450..5bfd85f 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -4,7 +4,7 @@ resources: - cert-manager.yaml - kitchenowl.yaml - forgejo.yaml - # - forgejo-runner-sops.yaml + - forgejo-runner-sops.yaml - ocirepository.yaml - ../../infrastructure - ../../apps From 05d6f449f1f56091c1dddfb1386e51ce3cf053f2 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:18:03 +0200 Subject: [PATCH 83/94] fix: just trying --- clusters/production/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 5bfd85f..d31dc1e 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -4,7 +4,7 @@ resources: - cert-manager.yaml - kitchenowl.yaml - forgejo.yaml - - forgejo-runner-sops.yaml + - forgejo-runner.yaml - ocirepository.yaml - ../../infrastructure - ../../apps From 689ab4985eefd578a14ff22f039ae22fbda5b431 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:19:12 +0200 Subject: [PATCH 84/94] fix: and another --- clusters/production/forgejo-runner.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/production/forgejo-runner.yaml b/clusters/production/forgejo-runner.yaml index 3d27676..0ae4b3c 100644 --- a/clusters/production/forgejo-runner.yaml +++ b/clusters/production/forgejo-runner.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: forgejo + name: forgejo-runner namespace: flux-system spec: interval: 10m 
From ddb043aae796935c5085edd40ec90ece89e61d10 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:31:44 +0200 Subject: [PATCH 85/94] fix: update runner version --- apps/forgejo-runner/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/forgejo-runner/deployment.yaml b/apps/forgejo-runner/deployment.yaml index 56b87ee..90c0036 100644 --- a/apps/forgejo-runner/deployment.yaml +++ b/apps/forgejo-runner/deployment.yaml @@ -23,7 +23,7 @@ spec: emptyDir: {} initContainers: - name: runner-config-generation - image: code.forgejo.org/forgejo/runner:3.0.0 + image: code.forgejo.org/forgejo/runner:6.3.1 command: [ "sh", From b2c741063800b65d387485c542a17b99a6a3e538 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 16:35:43 +0200 Subject: [PATCH 86/94] fix: ... --- apps/forgejo-runner/runner-secret.yaml | 38 +++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/apps/forgejo-runner/runner-secret.yaml b/apps/forgejo-runner/runner-secret.yaml index 378fb33..532fa14 100644 --- a/apps/forgejo-runner/runner-secret.yaml +++ b/apps/forgejo-runner/runner-secret.yaml 
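Review bot: Only the `runner-config-generation` init container is moved to `runner:6.3.1`; the `runner` container added in PATCH 75 still references `code.forgejo.org/forgejo/runner:3.0.0` and is not touched by this hunk. The init container writes its output to the `runner-data` volume, which the main container presumably reads, so both images should be on the same version. Change the second `image:` line to `code.forgejo.org/forgejo/runner:6.3.1` as well. The hunk ends inside the init container's `command:` list, so the rest of the file is not visible here.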
@@ -5,30 +5,30 @@ metadata: namespace: forgejo type: Opaque stringData: - token: ENC[AES256_GCM,data:uwGkYaziWJ9pNPR2LuEr7+yWU+b2Jp6YnXPDbV8TEyjC/NegAvcfhQ==,iv:Fou5Z/ZjINmQgFIFCoMeHoDP8O6kAzZs/ZrRdttaVzA=,tag:oaM95SQ/NAq6T9CLIqtsCQ==,type:str] + token: ENC[AES256_GCM,data:xO+3sSjM+rWEaf9CNgYnNuj6FUr3O0Rk76ysXuR5hHugh2J7/Ge8ng==,iv:07goXhV7PcoS3P89AVnNURHjnVHnHJ939QWjgJ1pmI8=,tag:F/zZyB5IEigPSHENW+Sn5g==,type:str] sops: - lastmodified: "2025-05-26T12:30:10Z" - mac: ENC[AES256_GCM,data:KyZi4zu9fUFtyGsxEhS7I2nWEL8eRggczeKyAAstTdfiXSTeyGFFWhu6u5MbtobqYsoSrxc5UbYNJKj8LEIEZtW5cfHgFcebkFu9LSKfgkqTbyJUqivurmXPxYrN/03N/xYvCK5yNA3hLJ1VG9UBTIxduGnfEah4gy079Z5z8H0=,iv:otP6yM2s/DeLZ/kH4I1Vct4cJ2fpl3A2qD0K6MNMSKE=,tag:kA6fKLWKYkbILxfG7q5JUQ==,type:str] + lastmodified: "2025-05-26T14:35:26Z" + mac: ENC[AES256_GCM,data:lYnPJV9tGNWx3yY5O9MEcH9xzoot5g4Nzqlp2XDbG09aeAfTWvlsy8bwFsFqGuWDBGPJ9you/Pr55//mEaj40ofHj7VNci5AZaSGCFGyG6R82EKoxJF7Kbh+Y09h3IoFUT3+9xORjvJUUwaGSViDaN/MVc0vRaolSFKGdcbZSP0=,iv:lA1TnauZ3wQXlRWdczovh8HHSUZBkt73zPNSKYg+qJo=,tag:ofZ7B/awkKsB1gxLMXu5BA==,type:str] pgp: - - created_at: "2025-05-26T12:30:10Z" + - created_at: "2025-05-26T14:35:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/+IxTzk0xWdqnDbi13ymMGmyog2Z+cdfLtDqLN8A/bLPiL - EBtU8y2GOGJSWz28fXkTWSgXk7OqW2C8vGQ3EQTat88IDhnU0u+k6qSOb8QlpPD+ - hR/+EJOw9mlu/BCrja+Qv0uLa9z/jkTispWfZBdnPOzgqwRySk7X2pQcbzwubHLB - vRUvkznN5maOA4hBB2vjK8D5C3d8C3C6uwmq14SVRY1RAwGbq1q/OYgdGb8/QurQ - Ob5zRVWs35DFoAH4DxCro0pAwgBbTs+sXjFuTNo0aLoxHoMGV0511VC+biZDUWVp - qqT6jHbscQqRJqg2NFL5vAWn/mKsL3qTqeVhatHUraS/WNe8vA/brQxRbI8r+Sdh - /uGKtvIyKfUSTeNAXotOGiQCHlp98icRNemV1vFNS3Uq6qw4Pd5qomyPODv+3za2 - Sk0l1gWxwF2MOdbaf8tTJyXrXjN1RQsL9C68DUVdPggqVoD01euIrej6Obo/u9wq - qQXD7XtfsP2AjUvEwpXJnxVhn5Az5ZIEzmyyxzGpduojPTCxOPNwWIzS6IJmxd+L - tKgSePkFsL32SRM2l1ZSV58bUePkT1QArndyG6+kZnTZCyLz7lCuq/ETIyj6yMpV - b3ICKCwssEiAZAwG/+cYDIjUuvKt4wLNCFHAdqeDI38W+zrN4KNe291PnuxZEenU - aAEJAhCbe3AToXHZr8YvDbylOyk6egwQ+or7ofWANh3pjoF8Sk1Bo3d6Uch8bYsn 
- Pg1Ft4j9df4Yp5AKlRu3cdmsrm1MTkpsD0hIBqoQDEcsIiaHXFG7fwftPtES80vO - NsfThf7f4T/o - =4A1/ + hQIMAxd/Yh1BfDklARAAlXjYAoKPVNJ8IPhmIbp6F+Uf1wjSxyktMjmTBD0OzLtU + sFpHSh7znPj0cRIc0YtGewbtorC7+tWvqTbUqoeEVLvXsD8KRS0lbQW7fhbRJGV3 + eHlPPqIer79Mf617yLvuP8lhiUUn+g1UfgIldqJICZFlVR92VSmMhr5xvaaz0h3r + o/GahScWPMQN8nZ1bQ94S2kmThchoLL8kXQFLtVYNKvouoKKL0jxpgdJQ/NOflSs + oVSZI3lO2UBMyz58J/VUTItUTWBdPDXAGTOVMnGGo4+swbdk7YfFWcA/ZW1YBqAR + xb8ZFc++sOh9d6TpRHunbE0qOfoE7bBAIi2mSeXK5eB/Hxal1wxwsQPDyWoa12HK + n4xt1KYzDA48HjAWrDj6rnN/Q0qOqKzrTxqQJu6Bd3NLxjsLZ9wlxO2NPTS4rrWJ + k0FJ27A7Zw/g3HnFWS6x2ruPwnf3HpQx2+3ObT+WGv8QDNso4OavEKkZ1WWiuGbz + XtZ57MCDdlYbDbf7JVExYNPtwWqZ8fHtU44fj6WPBiRtmX1Np0HiEbBPq6SLT6Io + iEyChan3DVVUygPNM11H3CC8FZnwSGiqzL839H/C0SE+MwO9aST0MmefpG4vBSMw + wp9HXhugZxSoT/L/ymALFfmBsy2RCuJk+LG6XoDnAMs6rjbm1daKdhrgCSWEGb/U + ZgEJAhA62B66WO86Y6E0vLXl6q0nh8xBxC4x3JF4TwyFv72Nto5LLDUCnXXvlKMC + i2N2XsdK0bS1A94Ho9sjFwG7q5MO+LX6bPX1tQcSSJFytFu5amEL1xTACgVaUari + NeUbY2a4Ug== + =0tsv -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From fc18d2f4f383de1220e03a5dbd8404ccf884c7a7 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 17:01:31 +0200 Subject: [PATCH 87/94] fix: update runner secret --- apps/forgejo-runner/runner-secret.yaml | 38 +++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/apps/forgejo-runner/runner-secret.yaml b/apps/forgejo-runner/runner-secret.yaml index 532fa14..e76ef83 100644 --- a/apps/forgejo-runner/runner-secret.yaml +++ b/apps/forgejo-runner/runner-secret.yaml 
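Review bot: PATCH 86/94 replaces the SOPS ciphertext of `stringData.token`, but the commit (`fix: ...`) does not record whether the previous runner secret was invalidated in Forgejo, and the diff cannot show whether the plaintext changed at all. The replaced ciphertext stays in Git history, encrypted to the same single PGP recipient (`fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764`), so overwriting it here does not retire the old value. The same holds for the re-encryptions in PATCH 87/94 and 90/94, and for the Hetzner `api-key` in PATCH 91/94 and 93/94. A subject such as `fix: rotate forgejo runner secret (previous value revoked)` would document the rotation.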
@@ -5,30 +5,30 @@ metadata: namespace: forgejo type: Opaque stringData: - token: ENC[AES256_GCM,data:xO+3sSjM+rWEaf9CNgYnNuj6FUr3O0Rk76ysXuR5hHugh2J7/Ge8ng==,iv:07goXhV7PcoS3P89AVnNURHjnVHnHJ939QWjgJ1pmI8=,tag:F/zZyB5IEigPSHENW+Sn5g==,type:str] + token: ENC[AES256_GCM,data:HeBj/csec90abWZ7xkKW92VKmcv3POPGVlB7DHEX2h4Pp8StGLP7sA==,iv:yFpLzXEMjqCydPmO3PSQO4kF+S3j7NZOtLRyc/y06xs=,tag:j52MMrk16PisZ5nvEIP+Zg==,type:str] sops: - lastmodified: "2025-05-26T14:35:26Z" - mac: ENC[AES256_GCM,data:lYnPJV9tGNWx3yY5O9MEcH9xzoot5g4Nzqlp2XDbG09aeAfTWvlsy8bwFsFqGuWDBGPJ9you/Pr55//mEaj40ofHj7VNci5AZaSGCFGyG6R82EKoxJF7Kbh+Y09h3IoFUT3+9xORjvJUUwaGSViDaN/MVc0vRaolSFKGdcbZSP0=,iv:lA1TnauZ3wQXlRWdczovh8HHSUZBkt73zPNSKYg+qJo=,tag:ofZ7B/awkKsB1gxLMXu5BA==,type:str] + lastmodified: "2025-05-26T15:01:12Z" + mac: ENC[AES256_GCM,data:+KtGvNN+tU3CWTtjwXYkwhVDqXLN6g/h1wzbb9BPPgK1H/8G09yJ07yHoKHK4zMy9xnyZymlx3vpFvhK6xz/PKHdi4XByYMajlV+F82Mg3mLs4ghZUhxAAlkkOqqnz2OmX0uy/LBWOhvlVMd+nuRGniWO84ldUuZreDFmGBKt6g=,iv:HpvptagB2jZFl7eUJA5DADT5Yh2h3rYfIe5rmDRxoUU=,tag:AzsNw2A9q1vjSqs3/Z2l4Q==,type:str] pgp: - - created_at: "2025-05-26T14:35:26Z" + - created_at: "2025-05-26T15:01:12Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklARAAlXjYAoKPVNJ8IPhmIbp6F+Uf1wjSxyktMjmTBD0OzLtU - sFpHSh7znPj0cRIc0YtGewbtorC7+tWvqTbUqoeEVLvXsD8KRS0lbQW7fhbRJGV3 - eHlPPqIer79Mf617yLvuP8lhiUUn+g1UfgIldqJICZFlVR92VSmMhr5xvaaz0h3r - o/GahScWPMQN8nZ1bQ94S2kmThchoLL8kXQFLtVYNKvouoKKL0jxpgdJQ/NOflSs - oVSZI3lO2UBMyz58J/VUTItUTWBdPDXAGTOVMnGGo4+swbdk7YfFWcA/ZW1YBqAR - xb8ZFc++sOh9d6TpRHunbE0qOfoE7bBAIi2mSeXK5eB/Hxal1wxwsQPDyWoa12HK - n4xt1KYzDA48HjAWrDj6rnN/Q0qOqKzrTxqQJu6Bd3NLxjsLZ9wlxO2NPTS4rrWJ - k0FJ27A7Zw/g3HnFWS6x2ruPwnf3HpQx2+3ObT+WGv8QDNso4OavEKkZ1WWiuGbz - XtZ57MCDdlYbDbf7JVExYNPtwWqZ8fHtU44fj6WPBiRtmX1Np0HiEbBPq6SLT6Io - iEyChan3DVVUygPNM11H3CC8FZnwSGiqzL839H/C0SE+MwO9aST0MmefpG4vBSMw - wp9HXhugZxSoT/L/ymALFfmBsy2RCuJk+LG6XoDnAMs6rjbm1daKdhrgCSWEGb/U - ZgEJAhA62B66WO86Y6E0vLXl6q0nh8xBxC4x3JF4TwyFv72Nto5LLDUCnXXvlKMC 
- i2N2XsdK0bS1A94Ho9sjFwG7q5MO+LX6bPX1tQcSSJFytFu5amEL1xTACgVaUari - NeUbY2a4Ug== - =0tsv + hQIMAxd/Yh1BfDklAQ//ePRrk6FaMyTiRx4l+yIaMbOiFdq3qySlB15/XUb9pRUr + J+VZTEyLhF/619aUMrIPvx9KbUzig+SD67oWsRdyVZ8UOjGmEnIP30XZmp0+eNTZ + EafJWRBDQpqJxs9iHwOknQOz7bwzjCVUjjisLKGJN4MI0RcYnUH33eYkMnb8m54h + eKc6XqiIYJZxyjonZ4Y1AqRPSnkCTBhRTR8M9U5HIDntHC8MfzWSv8a0AyxmR39K + A1wQgAqihuC4KWO2Ix1W8mWdJ2kJ1Ouby1mOjGWfdj3kj8FRlS+lOfyQg71SXLqc + xyCMZzjvSyaZiaKHQf1hgpRlK32R7KYSHXztuL7/0sZc7sl3ZoIgiD4KB0FZ85RY + XJCOep76JPNkMgQttrDeIi+fCsf/9mhqTP6VnjUCJOP49DvDsKkcLI5Prs9EVboL + C6ITJn3DHMGCRmqInMqGZIDmDgNZ7pP1p+sVP8/qYIXzbq5qk/CUdAB+NKQNu0Q6 + LAstJNVnElPS/OVQKDlWmidvaWNuhXzRwliOKuTTp3lOalHhxhrGf+2pND9hWjvy + rIA5fcw7V3dehn5eVj9rhjIN2ZYC5sqfO9VUuFrVOFgZ2eBgcjlQsGCbuSV/TyRl + 79xxJ/qrGc/zJKTnOdXdwrTLJNf8Ua1UBf1tcKC1jN+AN0DpHKdm2PPLQCXVNmfU + ZgEJAhBpfE72sgm5184fqgqxkdfE7CAx6ud2lovhRl+6TDTZ/0NG/xlL9gXVGUkm + Fs4jJ87rWdp13drLedy68/wtlZXefsVEDHi+3AKLd48y4AiqKEFycv3zz46ntNzC + 6dljQfc5lw== + =rbnV -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From a6460b7134570b2362138cfd7180d079dd5cb1d9 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 17:11:43 +0200 Subject: [PATCH 88/94] fix: update deployment --- apps/forgejo-runner/deployment.yaml | 107 ++++++++++++++-------------- 1 file changed, 52 insertions(+), 55 deletions(-) diff --git a/apps/forgejo-runner/deployment.yaml b/apps/forgejo-runner/deployment.yaml index 90c0036..4e84c9f 100644 --- a/apps/forgejo-runner/deployment.yaml +++ b/apps/forgejo-runner/deployment.yaml 
@@ -1,74 +1,71 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: forgejo-runner - namespace: forgejo labels: app: forgejo-runner + name: forgejo-runner spec: replicas: 1 selector: matchLabels: app: forgejo-runner + strategy: {} template: metadata: + creationTimestamp: null labels: app: forgejo-runner spec: restartPolicy: Always volumes: - - name: docker-certs - emptyDir: {} - - name: runner-data - emptyDir: {} + - name: docker-certs + emptyDir: {} + - name: runner-data + emptyDir: {} initContainers: - - name: runner-config-generation - image: code.forgejo.org/forgejo/runner:6.3.1 - command: - [ - "sh", - "-c", - "forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect" - ] - env: - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-token - key: token - - name: FORGEJO_INSTANCE_URL - value: https://git.patanix.de - volumeMounts: - - name: runner-data - mountPath: /data + - name: runner-config-generation + image: code.forgejo.org/forgejo/runner + command: + ['forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect'] + env: + - name: RUNNER_SECRET + valueFrom: + secretKeyRef: + name: forgejo-runner-token + key: token + - name: FORGEJO_INSTANCE_URL + value: https://git.patanix.de + volumeMounts: + - name: runner-data + mountPath: /data containers: - - name: runner - image: code.forgejo.org/forgejo/runner:3.0.0 - command: - [ - "sh", - "-c", - "while ! nc -z localhost 2376 Date: Mon, 26 May 2025 17:17:06 +0200 Subject: [PATCH 89/94] fix: change back to own version --- apps/forgejo-runner/deployment.yaml | 108 ++++++++++++++-------------- 1 file changed, 56 insertions(+), 52 deletions(-) diff --git a/apps/forgejo-runner/deployment.yaml b/apps/forgejo-runner/deployment.yaml index 4e84c9f..384bb28 100644 --- a/apps/forgejo-runner/deployment.yaml +++ b/apps/forgejo-runner/deployment.yaml 
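Review bot: The new `command: ['forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect']` in PATCH 88/94 is a single argv element, so the runtime would look for an executable named by that whole string. Without a shell, `$FORGEJO_INSTANCE_URL` and `$RUNNER_SECRET` are also not expanded, since Kubernetes itself only substitutes the `$(VAR)` form. The same hunk drops the tag from `image: code.forgejo.org/forgejo/runner`, so the pod pulls whatever `latest` resolves to. It also removes `namespace: forgejo`, although `runner-secret.yaml` places the secret in that namespace; this matters unless the Flux Kustomization sets a target namespace. Keep the `["sh", "-c", ...]` form, a pinned tag and the explicit namespace; the rest of this hunk is cut off in this view.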
@@ -1,71 +1,75 @@ apiVersion: apps/v1 kind: Deployment metadata: + name: forgejo-runner + namespace: forgejo labels: app: forgejo-runner - name: forgejo-runner spec: replicas: 1 selector: matchLabels: app: forgejo-runner - strategy: {} template: metadata: - creationTimestamp: null labels: app: forgejo-runner spec: restartPolicy: Always volumes: - - name: docker-certs - emptyDir: {} - - name: runner-data - emptyDir: {} + - name: docker-certs + emptyDir: {} + - name: runner-data + emptyDir: {} initContainers: - - name: runner-config-generation - image: code.forgejo.org/forgejo/runner - command: - ['forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect'] - env: - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-token - key: token - - name: FORGEJO_INSTANCE_URL - value: https://git.patanix.de - volumeMounts: - - name: runner-data - mountPath: /data + - name: runner-config-generation + image: code.forgejo.org/forgejo/runner:6.3.1 + command: + [ + "sh", + "-c", + "forgejo-runner create-runner-file --instance $FORGEJO_INSTANCE_URL --secret $RUNNER_SECRET --connect" + ] + env: + - name: RUNNER_SECRET + valueFrom: + secretKeyRef: + name: forgejo-runner-token + key: token + - name: FORGEJO_INSTANCE_URL + value: https://git.patanix.de + volumeMounts: + - name: runner-data + mountPath: /data containers: - - name: runner - image: code.forgejo.org/forgejo/runner - command: - [ - 'sh', - '-c', - "while ! nc -z localhost 2376 Date: Mon, 26 May 2025 18:32:33 +0200 Subject: [PATCH 90/94] fix: update secret --- apps/forgejo-runner/runner-secret.yaml | 38 +++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/apps/forgejo-runner/runner-secret.yaml b/apps/forgejo-runner/runner-secret.yaml index e76ef83..f2ebe72 100644 --- a/apps/forgejo-runner/runner-secret.yaml +++ b/apps/forgejo-runner/runner-secret.yaml 
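Review bot: The restored init-container command in PATCH 89/94 expands `$RUNNER_SECRET` unquoted inside `sh -c`, so the secret lands in the `forgejo-runner` process arguments and would be word-split if it ever contained whitespace or glob characters. At minimum quote both variables: `"forgejo-runner create-runner-file --instance \"$FORGEJO_INSTANCE_URL\" --secret \"$RUNNER_SECRET\" --connect"`. If the runner CLI version in use can read the secret from a file or stdin, mounting `forgejo-runner-token` as a file would keep it out of argv entirely. The `containers` part of this hunk is cut off in this view.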
@@ -5,30 +5,30 @@ metadata: namespace: forgejo type: Opaque stringData: - token: ENC[AES256_GCM,data:HeBj/csec90abWZ7xkKW92VKmcv3POPGVlB7DHEX2h4Pp8StGLP7sA==,iv:yFpLzXEMjqCydPmO3PSQO4kF+S3j7NZOtLRyc/y06xs=,tag:j52MMrk16PisZ5nvEIP+Zg==,type:str] + token: ENC[AES256_GCM,data:e0BsoUOwkfl7qt48/eT8Nvexg8RZ24cG33VeIfjru4NxyVOXUVQDGw==,iv:4My1NRIA5DG1uvgxAki5pYVYJdM/oTNqPu4WEn1IFaI=,tag:dKRwR5q/szl9/Qm/6TFnKQ==,type:str] sops: - lastmodified: "2025-05-26T15:01:12Z" - mac: ENC[AES256_GCM,data:+KtGvNN+tU3CWTtjwXYkwhVDqXLN6g/h1wzbb9BPPgK1H/8G09yJ07yHoKHK4zMy9xnyZymlx3vpFvhK6xz/PKHdi4XByYMajlV+F82Mg3mLs4ghZUhxAAlkkOqqnz2OmX0uy/LBWOhvlVMd+nuRGniWO84ldUuZreDFmGBKt6g=,iv:HpvptagB2jZFl7eUJA5DADT5Yh2h3rYfIe5rmDRxoUU=,tag:AzsNw2A9q1vjSqs3/Z2l4Q==,type:str] + lastmodified: "2025-05-26T16:32:21Z" + mac: ENC[AES256_GCM,data:ccBH5XRiXgio3aCEi4O4YRdh7sq46qxN457IMUqgQrCNFBNjk70OJD31ZxalYPr1iTlAQdbtPT8tVcFRd8EvTeRSm9KaWqusVKHbdsWeDUStHNXADjFwLTAoqVOn0yz9H5YTdLFxIHuV61w2HDJkz+sG0bM9uwv6YPkdbnyLtFs=,iv:h9NzKcUGbLwriVBo1Gfkw2Wbqr1dIZ0nevT1p4pHiQs=,tag:TXxb9UxVeTF6lUbSUxP9DQ==,type:str] pgp: - - created_at: "2025-05-26T15:01:12Z" + - created_at: "2025-05-26T16:32:21Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ//ePRrk6FaMyTiRx4l+yIaMbOiFdq3qySlB15/XUb9pRUr - J+VZTEyLhF/619aUMrIPvx9KbUzig+SD67oWsRdyVZ8UOjGmEnIP30XZmp0+eNTZ - EafJWRBDQpqJxs9iHwOknQOz7bwzjCVUjjisLKGJN4MI0RcYnUH33eYkMnb8m54h - eKc6XqiIYJZxyjonZ4Y1AqRPSnkCTBhRTR8M9U5HIDntHC8MfzWSv8a0AyxmR39K - A1wQgAqihuC4KWO2Ix1W8mWdJ2kJ1Ouby1mOjGWfdj3kj8FRlS+lOfyQg71SXLqc - xyCMZzjvSyaZiaKHQf1hgpRlK32R7KYSHXztuL7/0sZc7sl3ZoIgiD4KB0FZ85RY - XJCOep76JPNkMgQttrDeIi+fCsf/9mhqTP6VnjUCJOP49DvDsKkcLI5Prs9EVboL - C6ITJn3DHMGCRmqInMqGZIDmDgNZ7pP1p+sVP8/qYIXzbq5qk/CUdAB+NKQNu0Q6 - LAstJNVnElPS/OVQKDlWmidvaWNuhXzRwliOKuTTp3lOalHhxhrGf+2pND9hWjvy - rIA5fcw7V3dehn5eVj9rhjIN2ZYC5sqfO9VUuFrVOFgZ2eBgcjlQsGCbuSV/TyRl - 79xxJ/qrGc/zJKTnOdXdwrTLJNf8Ua1UBf1tcKC1jN+AN0DpHKdm2PPLQCXVNmfU - ZgEJAhBpfE72sgm5184fqgqxkdfE7CAx6ud2lovhRl+6TDTZ/0NG/xlL9gXVGUkm 
- Fs4jJ87rWdp13drLedy68/wtlZXefsVEDHi+3AKLd48y4AiqKEFycv3zz46ntNzC - 6dljQfc5lw== - =rbnV + hQIMAxd/Yh1BfDklARAArNaDCnZTWLtET2sx73YyUhRSqF4fuc8whg8s6K93llT8 + oxi/MJNkD8yFa3PgGzFl1Yfdw2xpv5BbdYe0dIclitZe87y4DjMrUbc6ZeYaWr/A + W+LgcUcspBiofqgOHS+RGupi0djdjOcQN2upAU2OsbPXI3IhmSyQQmaOU5zbgHRx + 230KArgUGCpkdnO78tKlSMnyw02omzV/J6qMZ3iV1KyK8kRC5VH4OIWQN8hypEXG + 4Iaf6bJbTpaLZLNScjGJR4v9FKo0CQ8RSO8UDtGdVajrHBNWuHkogu7Ol8byoCJ5 + S9+N39YC0wcaRQ0bf9qFr3EcNnCDSxYcPRH7aCLGazyu9qZEf2Azj+i80saY9XBJ + 787KyHxB7OfNPuG6FAtmJqRxnfc7br/4clQ93phqCBXRAd+AOGAhCuwQCLNsYP17 + jklZKSnvKw56RgsQ2ANHkDZ9O3RcfWJjj5lZX0Tr8REm849YimL70D5KGPj/YDuO + vY1GdJjDTfxWwXuX7crJbROF1m8KBcQdIa3/XUZx2sDHfSJn4Wlklze9P0P6XmVc + D4Yc7kZ8z5oEvJkW/+7YUKZjxv/2QkLHQ1qKYse8CeDFQ9plibLd09D6Z83Ycvhx + /n9C5LRJS1LZn4h4DMxncALPMDXQjCjoBDXttieLvZz8r3a2Ja1TEsNERZxrBoXU + aAEJAhAk/ocgcppH9AALdg47PFam0GTHIVc5ywo6pPVOLJPkDxr/cKYw3a08mQE9 + B+NUGfLBBhRH39LZdb/HwNB8pqLw/QEtAL/5cxO4jFl48l0WhZ+Gz6DWj+NZ4ttC + wsWJRN7WlR4U + =cLTV -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From ab1525e2043ac9d25508b964855c81d8317197c0 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 19:54:54 +0200 Subject: [PATCH 91/94] fix: redoply hetzner secret --- .../hetzner-dns-api-token-secret.yaml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml index 65397bd..577d08d 100644 --- a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml +++ b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml 
@@ -5,30 +5,30 @@ metadata: namespace: cert-manager type: Opaque stringData: - api-key: ENC[AES256_GCM,data:iYj5AS1UY77fC7nxk/yctC3f+g59NJ744+DS009kUQM=,iv:J/cKz6M3w5sM04GqJ5K+JwBoOOjaER+arykc60eztCk=,tag:dAnHwnXVEdKHDusu8VgWfA==,type:str] + api-key: ENC[AES256_GCM,data:ilRa3CMHruAGPifG3cX3yWjt5lySmjhM7qUikTZiDYU=,iv:oql6xAxM+FD3/lb+pgNYPjV3N4YTEkDzdqM+S6qKTUg=,tag:bjosUHeX4X2I1z7FyBN7wA==,type:str] sops: - lastmodified: "2025-05-25T12:00:23Z" - mac: ENC[AES256_GCM,data:RpN7bXCBDaG4zbHty2l2pZdvkCHP8LQEhHNE56Thvs3fecgqUDfn/JTb4F+IsdUTbSj68jE8hZhNK2oVH7KIkoGfMv6NUGaQo0vGU9cTAN+juaFrHgEGyRc+deazB7hLT2cs87V96v7XjfCA4bL+F0eFINvOX/TZSu6sNoFAYC8=,iv:oKDwGI3Gb/rAIs6DANMyGI/pcOfG15/8ZKa/MYOAa5E=,tag:uWY/eG+vW/5l382y4lN6Ow==,type:str] + lastmodified: "2025-05-26T17:54:34Z" + mac: ENC[AES256_GCM,data:XjzoKIGDYAHQWGTvCCjWSObnfIs1eEnBk75BrXeZ8BIYz7XLRvID7FvnJQja9VnTKR8eP/r6NmTxKWpvnFOwIC4uVrCp/JqS/1jfDys6RUXmpzov8A5RwRpB3NKXnYFFIVdEKoWjdKHuHqBMXJpK2Wbd1hnUibVHLoy+AGLekCU=,iv:qfRW1Xk9gmTExUMoTHz5GhbNpMazVHwtKnhGo2OkyBc=,tag:gC9WmBQiWOmcSMD8BeGKtQ==,type:str] pgp: - - created_at: "2025-05-25T12:00:23Z" + - created_at: "2025-05-26T17:54:34Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklAQ/9FFfR6OV8i8eep9/9NneTHN0FGxHBF/HWDyi2ga0wuDpu - ntVBpkCT2KtqbDKuNaMtUP6GIu8v8/52FEDnpSZsJrXANt4mz97eZYft7dllC+MU - Ge8KxO5LY4YRkboELYpMb9D4zo/tZ3o40mqeBz6dCG+4acAOcaNpF4NWuzqINm2o - Qp/PeY9M5JIkf+ReJM1G14EDam509EsbA/dgysbXj0FCCOjTv+1NIQ+5x1AuEeTK - 75ra+5igSr5cQHHeHZam9JyRhjxd1zawEj6VK0bOhqjI5KBpa98RoSH36aMijdOF - N5E6z3TClLKuvxD66s1LX2TjYvE348+UDEbf3c5/iAZzWeKzYYBDZZrMwAoBXnK2 - ajzLg8r5WUrXZ2A/9godsc5DtSnS8eqhSWckLQLEaePyuAhr3tczWOCEloDJ4CPm - PVHsAsegFYoK3iDILzl0IoYSVKfJO/440xeFn+rZD3qSSAZgeEvhYu6od85e3Cfa - EvSWPukaREucXxjIdwf6kSa4zfocY9Fsz4Ug4Pser7F1Fiw40FvSg47EMiwx7oxq - WB5XXep/IwRMfK49k23e3xFExXQei/F2va5RtZfOxuNHPa6mz1GleDzNEN8Yn3Rb - G1xZwUMBKGBtT68MiSmdDS/pb/NbzMeNxHRQh1mVoOFKIaVh9Bieuw0Kjd/yKqTU - aAEJAhB0SUSBaXCOHVO+rrHe0Fm9P3XsSc9+ZKB5EckSuIxvU4vxOlUf9qqlf6tA - 
pTSggVbG9umwTQ9yD6LRMafeuPGVK/rTc1xr+ck0qOJ+C2RQyiaiwn0P7jz25wpn - san0yxD+bcq5 - =hb+B + hQIMAxd/Yh1BfDklARAAhRjxkv/Eu0qslbqjbulHnl6rEFOwB+txEGy3fz6uHMeD + 2NdKsG6QxPHqPPECIr3sfIGHEPLeQD189IAvbzM+1Nv6WuniZTzjrCybyDqAGnCp + V8+qSqq429nsgcDG1UgiXVmgCk+d4orm9CT0FzEvN9koZpoolqQkA7sRctl+y1y/ + 6hE0lhKDzbbhMt/Ibi+avxq7krWPnEXUHJrCice9pQGT4TX3jovKGrGbZ9Y0Ey8J + j5/hZGtRnd9PnLhxJqnQdVTJyQsJ2x5o/aItyABzyqV/vCc+jmnHZMY7RjYrP9WG + Z4rp9hzN+WcRpa7ap+MI2rR4wykHN5VeDqbTjZSHzbDCWaVU7fmrU8KJ6eS0bTMR + Cyn042spm9+G+ZmBzvRkNfKWsYJfPpwN8T/1vz3xXzyEj44UVTGL/jErj+26gFKc + RWlXmAfJSAhZTrW1MeFJ5X7MvoGwFwtCfQbj3FnSCaRDIh+t9e4kSwGagdNzY/87 + z+RNmajfOCKTg9aGLb6SM8FvEzu9IrZOH25mhhkKYMC/aoZjMf76V8gpRgBrMbnc + lXpxi3woHrcH4sk876UFGXUTyjfSOSzI4PFVgywq2HWK5Bl/cDS/hD0cXPLVMrKK + Zq0mfarOYWa3/5ebG8v1YYJqF8v3RdhX2pzaGK3ugC/0WIe4vwUxTnQoDqfVa3bU + aAEJAhDmtbJ+117ec4wXFZ8JVmRhE3H0HKJizv7WLgfbBUbc0Kht4DdjSJ1Ccx1o + ItuFkk5V7yVicZzofzuEeq8lewz8rrfaOjQye2ZPmTMqdReF5/pfza3LZnNJystX + XER0CwltYHBX + =OWAi -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From caefbce02495916a88a565ca122b8e3b7b8c8aa4 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 20:13:17 +0200 Subject: [PATCH 92/94] ci: update flux versions --- apps/forgejo/helmrelease.yaml | 2 +- apps/home-assistant/helmrelease.yaml | 2 +- apps/home-assistant/helmrepository.yaml | 2 +- infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml | 2 +- infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml | 2 +- infrastructure/cert-manager/helmrelease.yaml | 2 +- infrastructure/cert-manager/helmrepository.yaml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/forgejo/helmrelease.yaml b/apps/forgejo/helmrelease.yaml index 13ee71d..fe3ee50 100644 --- a/apps/forgejo/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml 
@@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: forgejo diff --git a/apps/home-assistant/helmrelease.yaml b/apps/home-assistant/helmrelease.yaml index e00091e..c73509b 100644 --- a/apps/home-assistant/helmrelease.yaml +++ b/apps/home-assistant/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: home-assistant diff --git a/apps/home-assistant/helmrepository.yaml b/apps/home-assistant/helmrepository.yaml index 9b03a11..773b830 100644 --- a/apps/home-assistant/helmrepository.yaml +++ b/apps/home-assistant/helmrepository.yaml @@ -1,4 +1,4 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: home-assistant diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml index c04ee53..01106f5 100644 --- a/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml +++ b/infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager-webhook-hetzner diff --git a/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml index d82a2b5..23eebd5 100644 --- a/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml +++ b/infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml @@ -1,4 +1,4 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: vadimkim-cert-manager-webhook-hetzner diff --git a/infrastructure/cert-manager/helmrelease.yaml b/infrastructure/cert-manager/helmrelease.yaml index 8afa921..a8dbb58 100644 
--- a/infrastructure/cert-manager/helmrelease.yaml +++ b/infrastructure/cert-manager/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager diff --git a/infrastructure/cert-manager/helmrepository.yaml b/infrastructure/cert-manager/helmrepository.yaml index c915c48..0dd08be 100644 --- a/infrastructure/cert-manager/helmrepository.yaml +++ b/infrastructure/cert-manager/helmrepository.yaml @@ -1,4 +1,4 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: jetstack From 8445e32a29b9b607017b85e07ea4d6c168161e0e Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 20:31:02 +0200 Subject: [PATCH 93/94] fix: update hetzner key --- .../hetzner-dns-api-token-secret.yaml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml index 577d08d..0d4b3cd 100644 --- a/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml +++ b/infrastructure/cert-manager/hetzner-dns-api-token-secret.yaml 
@@ -5,30 +5,30 @@ metadata: namespace: cert-manager type: Opaque stringData: - api-key: ENC[AES256_GCM,data:ilRa3CMHruAGPifG3cX3yWjt5lySmjhM7qUikTZiDYU=,iv:oql6xAxM+FD3/lb+pgNYPjV3N4YTEkDzdqM+S6qKTUg=,tag:bjosUHeX4X2I1z7FyBN7wA==,type:str] + api-key: ENC[AES256_GCM,data:zbosJdBCNMhy1hhF/spyZI3gUFKxrc6t6teRCxob0Xc=,iv:wWSccIo1/39rEZsAdQYt2GfReOK/WD2lvd53/NUmdcs=,tag:lzVh1h629QozAXETUOuzSA==,type:str] sops: - lastmodified: "2025-05-26T17:54:34Z" - mac: ENC[AES256_GCM,data:XjzoKIGDYAHQWGTvCCjWSObnfIs1eEnBk75BrXeZ8BIYz7XLRvID7FvnJQja9VnTKR8eP/r6NmTxKWpvnFOwIC4uVrCp/JqS/1jfDys6RUXmpzov8A5RwRpB3NKXnYFFIVdEKoWjdKHuHqBMXJpK2Wbd1hnUibVHLoy+AGLekCU=,iv:qfRW1Xk9gmTExUMoTHz5GhbNpMazVHwtKnhGo2OkyBc=,tag:gC9WmBQiWOmcSMD8BeGKtQ==,type:str] + lastmodified: "2025-05-26T18:30:47Z" + mac: ENC[AES256_GCM,data:5TsPo7zuzxPciMDVEvOSBe8WuoYJe0w6BSMNRAJpQ84/52hyJtYb81zLepcfDID8IMUEj9qvKC+Yj6qsK29hsTaeLunRw89q0g4xFd1eQjT3bmQxdEMD4hBuK8tSQeA+bxRT2w0vNMgv+/qvVYGnuC+PyswpXP+ElpjTxawnFJo=,iv:xedxTiTm4Kjudx8P7V3t6luI40/kYjDZb4WOpjv9zrE=,tag:3mUuwVRaHh/343w2AkoKhA==,type:str] pgp: - - created_at: "2025-05-26T17:54:34Z" + - created_at: "2025-05-26T18:30:47Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxd/Yh1BfDklARAAhRjxkv/Eu0qslbqjbulHnl6rEFOwB+txEGy3fz6uHMeD - 2NdKsG6QxPHqPPECIr3sfIGHEPLeQD189IAvbzM+1Nv6WuniZTzjrCybyDqAGnCp - V8+qSqq429nsgcDG1UgiXVmgCk+d4orm9CT0FzEvN9koZpoolqQkA7sRctl+y1y/ - 6hE0lhKDzbbhMt/Ibi+avxq7krWPnEXUHJrCice9pQGT4TX3jovKGrGbZ9Y0Ey8J - j5/hZGtRnd9PnLhxJqnQdVTJyQsJ2x5o/aItyABzyqV/vCc+jmnHZMY7RjYrP9WG - Z4rp9hzN+WcRpa7ap+MI2rR4wykHN5VeDqbTjZSHzbDCWaVU7fmrU8KJ6eS0bTMR - Cyn042spm9+G+ZmBzvRkNfKWsYJfPpwN8T/1vz3xXzyEj44UVTGL/jErj+26gFKc - RWlXmAfJSAhZTrW1MeFJ5X7MvoGwFwtCfQbj3FnSCaRDIh+t9e4kSwGagdNzY/87 - z+RNmajfOCKTg9aGLb6SM8FvEzu9IrZOH25mhhkKYMC/aoZjMf76V8gpRgBrMbnc - lXpxi3woHrcH4sk876UFGXUTyjfSOSzI4PFVgywq2HWK5Bl/cDS/hD0cXPLVMrKK - Zq0mfarOYWa3/5ebG8v1YYJqF8v3RdhX2pzaGK3ugC/0WIe4vwUxTnQoDqfVa3bU - aAEJAhDmtbJ+117ec4wXFZ8JVmRhE3H0HKJizv7WLgfbBUbc0Kht4DdjSJ1Ccx1o - 
ItuFkk5V7yVicZzofzuEeq8lewz8rrfaOjQye2ZPmTMqdReF5/pfza3LZnNJystX - XER0CwltYHBX - =OWAi + hQIMAxd/Yh1BfDklARAAilLl2QO6pKp/cBoq7A22ltZqlfyUZTWqfbz07X8xk1W9 + I3MXdI/2rtndEDt2y0i693w6kwHKiCUfgTyYt2aS8HxgxDEktmO/6Z53wnDiESs0 + +CDBkG50TpLBFM8nmlRGJBpTuFY4swsrn/1MCMSl1Yq3+CTQ6Rmu9Zo4cx7ZTyFM + w5Y2NwC6Mum2jj7DFUotDa5oNHjmFuobCfIfzm/2jIMlqHjllFhEGq1lzjofdTBJ + WSdNLbTOG8TYGA7jcJjNiGWA3J7pt7vnsCheNFyLgdXw3JVwdZIeKoIA2g4ONlk3 + KEkqZ7RdY17RrZmFlByjYoSDmu3kTLXxztB3l8tcz5dUZStb9iZMb/4ODVOwwAcU + Jeur1BHrHh4dyZSiuFxh51di+0WyXfgpvhIs8ZSRFsdnZ4SFW4yPqs86Qmoh6ig1 + F+Iyk3PY+mdKoHIqqK2E2UK3RtFQW1KhcW0xAXtvilWjVI5+QmnY9fEpNDWGieL5 + Q0NEGPrhNAV/aIMLTFXzba75QJgE5eOvfAHg6ralFAxg3RU2wF+zExwGFfLsIp3F + Q0VzFFxLT0gFIEjBswBQ7DJOgdGCXhpWJSjOB2li17VKCMHi0STd+F84aFv8MLT4 + zni018MaxTmqUEAT9ebijScXoOzGCjTsfQQioSMS01JC/wwWrUcYAXR5dNlB7nfU + aAEJAhB2ahVphetmKx/lJQij8AAIHAwddSPvOaC3M0dpVngJJDYeQt/+xBys2f+K + moT6INYTvdv1c5ELh4YbLpNSs+5FMdCAGeWVY7NHQfzXh0kSjngQdd+nXKy/1Sk6 + bIo8ZRLHK6pN + =xDsS -----END PGP MESSAGE----- fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 encrypted_regex: ^(data|stringData)$ From b0dac54b58c731c43a8d9ba0bc9620f77bd58918 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 25 Jul 2025 07:29:49 +0000 Subject: [PATCH 94/94] Add renovate.json --- renovate.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7190a60 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +}