remove old values.yaml

Grant Hunter
2025-12-07 13:16:22 -07:00
parent 332f776c4f
commit 6b3eb79f88
17 changed files with 0 additions and 774 deletions


@@ -1,53 +0,0 @@
image:
debug: true
ghostBlogTitle: 53rd Parallel Photography
ghostHost: https://53ll.ca
ghostUsername: # set through cli args
existingSecret: ghost-53ll-user-secret
allowEmptyPassword: false
readinessProbe:
enabled: false
resources:
limits:
cpu: 500m
ephemeral-storage: 2Gi
memory: 250Mi
requests:
cpu: 10m
ephemeral-storage: 50Mi
memory: 128Mi
persistence:
size: 1Gi
smtpHost: "smtp.sendgrid.net"
smtpPort: 465
smtpUser: "apikey"
smtpService: "SendGrid"
smtpProtocol: "tls"
smtpExistingSecret: 53ll-smtp-password
mysql:
enabled: false
externalDatabase:
host: mariadb.datastore.svc.cluster.local
user: 53ll_ghost
database: 53ll_ghost
existingSecret: ghost-53ll-db-secret
updateStrategy:
type: Recreate
service:
type: ClusterIP
ingress:
enabled: true
hostname: 53ll.ca
tls: true
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"


@@ -1,89 +0,0 @@
gitea:
config:
server:
ROOT_URL: https://git.incngrnt.ca/
MINIMUM_KEY_SIZE_CHECK: false
service:
DISABLE_REGISTRATION: true
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
cron:
enabled: true
repository:
DISABLE_DOWNLOAD_SOURCE_ARCHIVES: true
additionalConfigFromEnvs:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: password
strategy:
type: Recreate
ingress:
enabled: true
hosts:
- host: git.incngrnt.ca
paths:
- path: "/"
pathType: Prefix
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
actions:
enabled: true
existingSecret: gitea-runner-token
existingSecretKey: token
redis:
enabled: true
redis-cluster:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
extraDeploy:
- apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-ssh
namespace: gitea
labels:
app: gitea
spec:
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 22


@@ -1,199 +0,0 @@
alloy:
clustering:
enabled: true
configMap:
content: |-
logging {
level = "info"
format = "logfmt"
}
discovery.kubernetes "pods" {
role = "pod"
}
discovery.kubernetes "nodes" {
role = "node"
}
discovery.relabel "pods" {
targets = discovery.kubernetes.pods.targets
rule {
source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_label_app_kubernetes_io_name", "__meta_kubernetes_pod_container_name"]
separator = "/"
target_label = "deployment_name"
action = "replace"
}
}
loki.source.kubernetes "pods" {
targets = discovery.relabel.pods.output
forward_to = [loki.process.process.receiver]
}
loki.process "process" {
forward_to = [loki.write.loki.receiver]
stage.drop {
older_than = "1h"
drop_counter_reason = "too old"
}
stage.match {
selector = "{instance=~\".*\"}"
stage.json {
expressions = {
level = "\"level\"",
}
}
stage.labels {
values = {
level = "level",
}
}
}
stage.label_drop {
values = [ "job", "service_name" ]
}
}
loki.write "loki" {
endpoint {
url = "http://grafana-loki-distributor:3100/loki/api/v1/push"
}
}
discovery.relabel "metrics" {
targets = discovery.kubernetes.pods.targets
rule {
source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_port"]
target_label = "__meta_kubernetes_pod_container_port_number"
action = "keepequal"
}
rule {
source_labels = ["__meta_kubernetes_pod_container_port_number"]
regex = ""
action = "drop"
}
rule {
source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_path",]
target_label = "__metrics_path__"
separator = ""
action = "replace"
}
}
prometheus.scrape "metrics" {
clustering {
enabled = true
}
targets = discovery.relabel.metrics.output
forward_to = [prometheus.remote_write.metrics.receiver]
scrape_interval = "30s"
}
discovery.relabel "pods_metrics" {
targets = discovery.kubernetes.nodes.targets
rule {
replacement = "kubernetes.default.svc:443"
target_label = "__address__"
}
rule {
regex = "(.+)"
replacement = "/api/v1/nodes/$1/proxy/metrics/cadvisor"
source_labels = ["__meta_kubernetes_node_name"]
target_label = "__metrics_path__"
}
}
prometheus.scrape "pods_metrics" {
clustering {
enabled = true
}
targets = discovery.relabel.pods_metrics.output
job_name = "integrations/kubernetes/kubelet"
scheme = "https"
honor_labels = true
forward_to = [prometheus.remote_write.metrics.receiver]
bearer_token_file = "/run/secrets/kubernetes.io/serviceaccount/token"
tls_config {
insecure_skip_verify = true
server_name = "kubernetes"
}
scrape_interval = "30s"
}
prometheus.exporter.unix "os_metrics" { }
prometheus.scrape "os_metrics" {
clustering {
enabled = true
}
targets = prometheus.exporter.unix.os_metrics.targets
forward_to = [prometheus.remote_write.metrics.receiver]
scrape_interval = "30s"
}
discovery.kubernetes "kube_state_metrics" {
role = "endpoints"
selectors {
role = "endpoints"
label = "app.kubernetes.io/name=kube-state-metrics"
}
namespaces {
names = ["grafana"]
}
}
discovery.relabel "kube_state_metrics" {
targets = discovery.kubernetes.kube_state_metrics.targets
// only keep targets with a matching port name
rule {
source_labels = ["__meta_kubernetes_endpoint_port_name"]
regex = "http"
action = "keep"
}
rule {
action = "replace"
replacement = "kubernetes"
target_label = "source"
}
}
prometheus.scrape "kube_state_metrics" {
targets = discovery.relabel.kube_state_metrics.output
job_name = "integrations/kubernetes/kube-state-metrics"
scrape_interval = "30s"
scheme = "http"
bearer_token_file = ""
tls_config {
insecure_skip_verify = true
}
clustering {
enabled = true
}
forward_to = [prometheus.relabel.kube_state_metrics.receiver]
}
prometheus.relabel "kube_state_metrics" {
max_cache_size = 100000
rule {
source_labels = ["__name__"]
regex = "up|scrape_samples_scraped|kube_configmap_info|kube_configmap_metadata_resource_version|kube_daemonset.*|kube_deployment_metadata_generation|kube_deployment_spec_replicas|kube_deployment_status_condition|kube_deployment_status_observed_generation|kube_deployment_status_replicas_available|kube_deployment_status_replicas_updated|kube_horizontalpodautoscaler_spec_max_replicas|kube_horizontalpodautoscaler_spec_min_replicas|kube_horizontalpodautoscaler_status_current_replicas|kube_horizontalpodautoscaler_status_desired_replicas|kube_job.*|kube_namespace_status_phase|kube_node.*|kube_persistentvolume_status_phase|kube_persistentvolumeclaim_access_mode|kube_persistentvolumeclaim_info|kube_persistentvolumeclaim_labels|kube_persistentvolumeclaim_resource_requests_storage_bytes|kube_persistentvolumeclaim_status_phase|kube_pod_container_info|kube_pod_container_resource_limits|kube_pod_container_resource_requests|kube_pod_container_status_last_terminated_reason|kube_pod_container_status_restarts_total|kube_pod_container_status_waiting_reason|kube_pod_info|kube_pod_owner|kube_pod_spec_volumes_persistentvolumeclaims_info|kube_pod_start_time|kube_pod_status_phase|kube_pod_status_reason|kube_replicaset.*|kube_resourcequota|kube_secret_metadata_resource_version|kube_statefulset.*"
action = "keep"
}
forward_to = [prometheus.remote_write.metrics.receiver]
}
prometheus.remote_write "metrics" {
endpoint {
url = "http://grafana-mimir-nginx/api/v1/push"
}
}
resources:
requests:
cpu: 1m
memory: 5Mi
limits:
cpu: 1
memory: 400Mi


@@ -1,19 +0,0 @@
grafana:
ingress:
enabled: true
hosts:
- watcher.incngrnt.ca
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
persistence:
enabled: true
mimir:
mimir:
structuredConfig:
limits:
compactor_blocks_retention_period: 2h
ingester:
persistentVolume:
size: 5Gi


@@ -1,14 +0,0 @@
init:
method: wget
wget:
url: https://git.incngrnt.ca/grant/incngrnt/releases/download/v0.0.8/v0.0.8.tar
ingress:
enabled: true
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
hosts:
- host: incngrnt.ca
paths:
- path: /
pathType: ImplementationSpecific


@@ -1,4 +0,0 @@
k8up:
envVars:
- name: BACKUP_GLOBAL_CONCURRENT_BACKUP_JOBS_LIMIT
values: 1


@@ -1,54 +0,0 @@
image:
debug: true
ghostBlogTitle: K&G Tie the Kgnot
ghostHost: https://kgnot.ca
ghostUsername: # set through cli args
existingSecret: ghost-kgnot-user-secret
allowEmptyPassword: false
readinessProbe:
enabled: false
resources:
limits:
cpu: 500m
ephemeral-storage: 2Gi
memory: 250Mi
requests:
cpu: 10m
ephemeral-storage: 50Mi
memory: 128Mi
persistence:
size: 1Gi
smtpHost: "smtp.sendgrid.net"
smtpPort: 465
smtpUser: "apikey"
smtpService: "SendGrid"
smtpProtocol: "tls"
smtpExistingSecret: kgnot-smtp-password
mysql:
enabled: false
externalDatabase:
host: mariadb.datastore.svc.cluster.local
user: kgnot_ghost
database: kgnot_ghost
existingSecret: ghost-kgnot-db-secret
updateStrategy:
type: Recreate
service:
type: ClusterIP
ingress:
enabled: true
hostname: kgnot.ca
tls: true
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"


@@ -1,14 +0,0 @@
persistent:
size: 5Gi
primary:
resources:
limits:
cpu: 375m
ephemeral-storage: 2Gi
memory: 384Mi
requests:
cpu: 50m
ephemeral-storage: 50Mi
memory: 256Mi


@@ -1,5 +0,0 @@
serverLocation: http://goatchat-matrix-synapse:8008
serverName: goatchat.ca
serverBaseUrl: /gate
registrationSharedSecret: # set through cli
adminApiSharedSecret: # set through cli


@@ -1,2 +0,0 @@
pgoControllerLeaseName: ''
replicas: 1


@@ -1,45 +0,0 @@
instanceSize: 50Gi
patroni:
dynamicConfiguration:
postgresql:
pg_hba:
- "host all all all scram-sha-256"
shared_preload_libraries: pgvector
users:
- name: grant
databases:
- postgres
- synapse
- gitea
- immich
options: "SUPERUSER LOGIN"
- name: synapse
databases:
- synapse
options: "LOGIN"
- name: gitea
databases:
- gitea
options: "LOGIN"
- name: immich
databases:
- immich
options: "LOGIN"
pgBackRestConfig:
global:
repo1-path: /pgbackrest/datastore/postgres/repo1
repo1-retention-full: "10"
repo1-retention-full-type: count
repos:
- name: repo1
s3:
bucket: fog
endpoint: hel1.your-objectstorage.com
region: hel1
schedules:
full: "0 1 * * 0"
differential: "0 1 * * 1-6"


@@ -1,82 +0,0 @@
cephClusterSpec:
dashboard:
ssl: false
storage:
useAllNodes: true
useAllDevices: false
deviceFilter: "^sda"
resources:
mgr:
requests:
cpu: 50m
memory: 256Mi
limits:
cpu: "1"
mon:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: "1"
osd:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: "1"
ingress:
dashboard:
host:
name: fog.incngrnt.ca
path: /fog/ceph
pathType: Prefix
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
"traefik.ingress.kubernetes.io/router.middlewares": "rook-ceph-ceph-stripprefix@kubernetescrd"
cephFileSystems:
- name: ceph-filesystem
# see https://github.com/rook/rook/blob/master/Documentation/ceph-filesystem-crd.md#filesystem-settings for available configuration
spec:
metadataPool:
replicated:
size: 2
dataPools:
- failureDomain: host
replicated:
size: 2
# Optional and highly recommended, 'data0' by default, see https://github.com/rook/rook/blob/master/Documentation/ceph-filesystem-crd.md#pools
name: data0
metadataServer:
activeCount: 1
activeStandby: true
resources:
requests:
cpu: 50m
memory: 256Mi
limit:
cpu: "1"
storageClass:
enabled: true
isDefault: false
name: ceph-filesystem
# (Optional) specify a data pool to use, must be the name of one of the data pools above, 'data0' by default
pool: data0
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions: []
# see https://github.com/rook/rook/blob/master/Documentation/ceph-filesystem.md#provision-storage for available configuration
parameters:
# The secrets contain Ceph admin credentials.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
# Specify the filesystem type of the volume. If not specified, csi-provisioner
# will set default as `ext4`. Note that `xfs` is not recommended due to potential deadlock
# in hyperconverged settings where the volume is mounted on the same node as the osds.
csi.storage.k8s.io/fstype: ext4


@@ -1,4 +0,0 @@
resources:
requests:
cpu: 100m
memory: 128Mi


@@ -1,84 +0,0 @@
serverName: 'goatchat.ca'
publicServerName: 'goatchat.ca'
wellknown:
enabled: true
signingkey:
job:
enabled: false
existingSecret: goatchatca-signingkey
existingSecretKey: signing.key
synapse:
strategy:
type: Recreate
resources:
requests:
cpu: 10m
memory: 160Mi
limits:
cpu: '1'
memory: 320Mi
config:
macaroonSecretKey: # set through cli args
registrationSharedSecret: # set through cli args
extraConfig:
url_preview_enabled: true
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
max_upload_size: 100M
email:
enable_notifs: true
smtp_host: "smtp.sendgrid.net"
smtp_port: 587
smtp_user: "apikey"
smtp_pass: # set through cli args
require_transport_security: true
notif_from: "Your Friendly %(app)s homeserver <noreply@goatchat.ca>"
app_name: Goatchat
validation_token_lifetime: 1h
user_directory:
enabled: true
search_all_users: true
prefer_local_users: true
server_notices:
system_mxid_localpart: notices
system_mxid_display_name: "Screaming Goat"
system_mxid_avatar_url: ""
room_name: "Goatchat Notices"
room_avatar_url: ""
room_topic: "Room used by your server admin to notify you of important information"
auto_join: true
ingress:
traefikPaths: true
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
persistence:
size: 30Gi
postgresql:
enabled: false
externalPostgresql:
host: postgres-primary.datastore.svc
existingSecret: postgres-pguser-synapse
existingSecretPasswordKey: password


@@ -1,4 +0,0 @@
operatorConfig:
extraEnv:
- name: PROXY_PRIORITY_CLASS_NAME
value: critical


@@ -1,102 +0,0 @@
deployment:
initContainers:
- name: volume-permissions
image: busybox:latest
command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
volumeMounts:
- name: data
mountPath: /data
updateStrategy:
type: Recreate
env:
- name: HETZNER_API_KEY
valueFrom:
secretKeyRef:
name: hetzner-api-key
key: token
additionalArguments:
- "--api.basePath=/fog/traefik"
persistence:
enabled: true
logs:
format: json
access:
enabled: true
format: json
service:
spec:
externalTrafficPolicy: Local
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`fog.incngrnt.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`))
entryPoints: ["websecure"]
middlewares:
- name: traefik-dashboard-auth
tls:
certResolver: letsencrypt
ports:
websecure:
middlewares:
- traefik-rate-limit@kubernetescrd
web:
middlewares:
- traefik-redirectscheme@kubernetescrd
ssh:
port: 2222
expose:
default: true
exposedPort: 2222
protocol: TCP
extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: traefik-dashboard-auth-secret
type: kubernetes.io/basic-auth
stringData:
username: admin
password: # set through cli args
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: traefik-dashboard-auth
spec:
basicAuth:
secret: traefik-dashboard-auth-secret
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rate-limit
spec:
rateLimit:
average: 50
burst: 100
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirectscheme
spec:
redirectScheme:
scheme: https
permanent: true
certificatesResolvers:
letsencrypt:
acme:
dnschallenge:
provider: hetzner
delaybeforecheck: 30
email: # set through cli args
storage: /data/acme.json