--wip-- [skipci]
brettinternet committed Feb 7, 2023
1 parent d37bdfa commit faa684c
Showing 18 changed files with 332 additions and 21 deletions.
38 changes: 38 additions & 0 deletions cluster/apps/auth/appdata-pvc.yaml
@@ -0,0 +1,38 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: appdata-auth
spec:
capacity:
storage: 400G
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Delete
mountOptions:
- nfsvers=4.2
- nconnect=16
- hard
- noatime
csi:
driver: nfs.csi.k8s.io
readOnly: false
volumeHandle: appdata-nfs-storage-auth
volumeAttributes:
server: "${NFS_FAST_TANK_CLUSTERIP}"
share: /appdata

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: appdata
namespace: auth
spec:
accessModes:
- ReadWriteMany
volumeName: appdata-auth
storageClassName: ""
resources:
requests:
storage: 400G
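Review bot: `persistentVolumeReclaimPolicy: Delete` on this statically provisioned PV (hand-set `volumeHandle`, PVC bound through `volumeName` with `storageClassName: ""`) means that deleting the PVC can lead the CSI driver to attempt removal of the backing volume, which for hand-managed application data is rarely wanted; `persistentVolumeReclaimPolicy: Retain` is the conventional choice for static NFS PVs. The PV also exports the entire `share: /appdata` to the auth namespace; if that export holds other namespaces' application data, narrowing the share to a per-namespace subdirectory (a constructed example: `share: /appdata/auth`) would keep the identity stack's pods from reading it. Whether the nfs.csi.k8s.io driver acts on Delete for this `volumeHandle` format is not visible here, so confirm the first point against the driver's documentation before relying on it.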
Expand Up @@ -14,13 +14,13 @@ server:
session:
domain: "${PUBLIC_DOMAIN}"
redis:
host: authelia-redis.default.svc.cluster.local
host: authelia-redis.auth.svc.cluster.local
port: 6379

storage:
postgres:
username: authelia
host: authelia-postgres.default.svc.cluster.local
host: authelia-postgres.auth.svc.cluster.local
database: authelia
port: 5432

Expand All @@ -40,7 +40,7 @@ authentication_backend:
refresh_interval: 1m
ldap:
implementation: custom
url: ldap://lldap.default.svc.cluster.local:3890
url: ldap://lldap.auth.svc.cluster.local:3890
timeout: 5s
start_tls: false
base_dn: dc=home,dc=arpa
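Review bot: The new `url: ldap://lldap.auth.svc.cluster.local:3890` keeps the Authelia-to-LLDAP bind on plaintext LDAP, and the unchanged `start_tls: false` two lines below means the bind password and every authenticating user's credentials cross the pod network unencrypted. Unless the CNI already encrypts pod-to-pod traffic, consider serving LDAPS from LLDAP and pointing this at an `ldaps://` endpoint, if LLDAP is configured with a certificate. The redis and postgres hosts in the first hunk have the same property, though in-cluster plaintext for those is more commonly accepted. The enclosing `authentication_backend` block continues outside the hunk.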
Expand Up @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app authelia
namespace: default
namespace: auth
spec:
interval: 15m
chart:
Expand All @@ -29,11 +29,11 @@ spec:
- name: ingress-nginx
namespace: networking
- name: lldap
namespace: default
namespace: auth
- name: authelia-postgres
namespace: default
namespace: auth
- name: authelia-redis
namespace: default
namespace: auth
values:
controller:
replicas: 1
Expand Down Expand Up @@ -175,7 +175,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: authelia-postgres
namespace: default
namespace: auth
spec:
interval: 15m
chart:
Expand Down Expand Up @@ -237,7 +237,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: authelia-redis
namespace: default
namespace: auth
spec:
interval: 15m
chart:
@@ -1,7 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
namespace: auth
resources:
- secret.sops.yaml
- helm-release.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: authelia
namespace: default
namespace: auth
type: Opaque
stringData:
POSTGRES_PASSWORD: ENC[AES256_GCM,data:LhOnhTmaP2qu+XhWkY71BJJ2LlyMfiY37WdI7XmiCmA=,iv:JpsuXL/MfT15FWVzg5iZe/Cnj3LXzrmeAlP2dILrHVY=,tag:kHAQj9YWtThZX6ymCOG3Dw==,type:str]
Expand All @@ -30,8 +30,8 @@ sops:
QTladjNNRGxGUTVaeHJMVmU3KzRPT0UKP5LuA/pzKo0ohRjDDU4Ok+Z6ynfvX0QM
e4cx4CjAHrxArDc/zwW/gkncJRubYyoYTCDUpmVzCqLgiAG5r5NvEA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-07T19:25:31Z"
mac: ENC[AES256_GCM,data:Jjc8qAH7asiFX7pZjGg6aGrvt82IjhvqcGLeo5y29e7alymXMpU700MjNsOdOCG3BYwO26WrpuOXgE43sGCCszV9HSB5TaMhnL+6FoLf6lqea/VPL0pNfHaDyr9v19P6mfmH6dUeFRz19EHiyEZ6au6r42brCmZ36QFgykoOOHg=,iv:541ZjK6A53PdK+QloP6rt3aSsuyfMM6KSoERQJjpQ6A=,tag:kIwBp9pOIpVvhHReDdZQFg==,type:str]
lastmodified: "2023-02-07T05:55:44Z"
mac: ENC[AES256_GCM,data:tnGidF1LYDtpVJEV/7pmyX5XegdUFAp71WtvIJzy7ZTrcdW9sDKNP3YYA+YGl9z8gY7vZhleQz519tqnN3C3Cc7yKRh90tEaHlEo4kP6t0WUGW+a79RBVlneY3tW+TUqiJKCxXeSG0RjskaGRzzMJsxX13zPGsOSVhXZ5K0qcHM=,iv:HYrfDKqvWft9bXsMP2cK9Gy4NPzrt0BdkVo7Bo3SF80=,tag:4eTOVoh+I3svSe+YoYPyFQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3
8 changes: 8 additions & 0 deletions cluster/apps/auth/kustomization.yaml
@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- appdata-pvc.yaml
- authelia
- lldap
Expand Up @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app lldap
namespace: default
namespace: auth
spec:
interval: 15m
chart:
File renamed without changes.
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: lldap
namespace: default
namespace: auth
type: Opaque
stringData:
LLDAP_LDAP_USER_PASS: ENC[AES256_GCM,data:na4X1zo6wVgFXy3FPJNErXe3CCGtprv7W8nSkhsDo0M=,iv:I9jlN5G5g73LgDWKHc49SC+n4O/H8Qp0nj23c/EVNeE=,tag:t2ogMoxvuHxR6ZN085FUaw==,type:str]
Expand All @@ -23,8 +23,8 @@ sops:
eEVhWkFtRFYzbVBpRThxNE9XOEVCNkEKL92VHY3B3Vp3ts1NQYVNz1kehAFYxATx
CbKAvBsqa4DdglTI8hjlliFIVkM5G/O5LSG+EhR7wWBmFvhYX3vN4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-28T05:45:52Z"
mac: ENC[AES256_GCM,data:8uTsfYc5PufzjjKR/H2OIgbWgzU/r2uG88Sc1ftALVFX71pfR4qSjNgvimEHrpHLDkGGMNMUdyX7bf/HgHAxOBGkTGYW1iApVYQb/XBca6Z+a35Vty0ivtKB0AtiayrumLf67MbOJMPWYOBXmwgiwENbjFvPFW5ail5XMqUpql4=,iv:3uswFH+vwZWlGTI/Yk2DaD51dhR73Lqd4LitTS3y63k=,tag:3Ohw7uHQDy8kTTx7FANfiA==,type:str]
lastmodified: "2023-02-07T05:54:14Z"
mac: ENC[AES256_GCM,data:byw+g/dIs5BagqDDCSQEUuRaixZMMfgAFIK4dEDeY+I0P3oiFLa08thGcHn5Kp4VXRNW2ixQO3VsNNsVJqmApIAqwXIK/ug2w/ZHv6GAAzpiEh1iM4BPIGrQJc0t//JoCH0fi69mgFPr7RYfHJVik4kfNdAK3f67jPFh00A1mCk=,iv:p9tTjsi/z9rTbPuHKYNvs919TG9IKaAX6owIU9ZkFME=,tag:9eXaA7QVlWlfDdgGye7LdQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3
7 changes: 7 additions & 0 deletions cluster/apps/auth/namespace.yaml
@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: auth
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
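Review bot: The new `auth` namespace carries only the Flux prune label, so the pods that land here (Authelia, LLDAP, their Postgres and Redis) run under whatever cluster-wide Pod Security Admission default exists, if any. Since this namespace holds the identity stack, declaring the admission level explicitly is cheap, e.g. `pod-security.kubernetes.io/enforce: baseline` together with `pod-security.kubernetes.io/warn: restricted`, so violations of the stricter profile surface before tightening. Whether the other namespaces in this repository set these labels is not visible here; match their convention if one exists.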
2 changes: 0 additions & 2 deletions cluster/apps/default/kustomization.yaml
Expand Up @@ -6,7 +6,6 @@ resources:
- namespace.yaml
- adguard
# - archivebox
- authelia
- change-detection
# - cloudbeaver
# - cyberchef
Expand All @@ -21,7 +20,6 @@ resources:
- landing
# - libreoffice
- linkding
- lldap
- mealie
- miniflux
- mosquitto
4 changes: 2 additions & 2 deletions cluster/apps/kustomization.yaml
Expand Up @@ -4,6 +4,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- auth
- backup
- comms
- debug
Expand All @@ -13,8 +14,7 @@ resources:
- games
- kube-system
- kyverno
# - mail
- media
# - media
- monitoring
- networking
# - sites
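Review bot: The second hunk swaps `- media` for `# - media`, which drops the media stack from the apps Kustomization in a commit whose other changes are all about the auth namespace; if this Flux Kustomization prunes, removing the entry garbage-collects every media resource it created unless those objects carry the prune-disabled label. If the removal is deliberate, a separate commit or a comment on the line would make the intent reviewable; if it is a WIP toggle, restoring `- media` before merging seems intended given the `--wip--` title. The removal of the already-commented `# - mail` line is harmless.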
102 changes: 102 additions & 0 deletions provision/terraform/bastion-oci/.terraform.lock.hcl


11 changes: 11 additions & 0 deletions provision/terraform/bastion-oci/host_vars.tpl
@@ -0,0 +1,11 @@
# Managed by Terraform
kind: Secret
ansible_host: ${ipv4_address}
ansible_user: root
wg_peers: ${peers}
compose_env_vars:
- WIREGUARD_SERVERURL=${dns_address}
- WIREGUARD_PEERS=${peers}
- CLOUDFLARE_API_KEY=${cloudflare_api_key}
- CLOUDFLARE_ZONE=${cloudflare_zone}
- CLOUDFLARE_SUBDOMAIN=${dns_address}
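Review bot: The templated scalars in this file are unquoted, so the rendered YAML takes whatever type the interpolated text happens to resemble; `ansible_host: "${ipv4_address}"` keeps the address a string and guards against an empty expansion becoming `null`, and the same applies to `wg_peers` unless the playbook relies on it being numeric. `kind: Secret` on the second line has no meaning in an Ansible host_vars file and looks like a leftover from a Kubernetes manifest; if nothing consumes it, drop it. Rendering `${cloudflare_api_key}` into this file also places the credential in plaintext wherever the template output lands, so the output path should be kept out of version control and the variable marked `sensitive` in Terraform, and a zone-scoped API token is preferable to a global key if the consumer accepts one.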
