Split helmfile into components

helmfile.d/01-infrastructure.yaml

@@ -0,0 +1,53 @@
+repositories:
+  - name: rook-release
+    url:  https://charts.rook.io/release
+  - name: traefik
+    url: https://traefik.github.io/charts
+  - name: tailscale
+    url: https://pkgs.tailscale.com/helmcharts
+
+releases:
+  # networking
+  - name: metallb
+    namespace: metallb-system
+    createNamespace: true
+    chart: ../metallb
+  - name: traefik
+    namespace: traefik
+    createNamespace: true
+    chart: traefik/traefik
+    values:
+      - ../traefik/values.yaml
+    setString:
+      - name: certificatesResolvers.letsencrypt.acme.email
+        value: {{ requiredEnv "ACME_EMAIL" }}
+      - name: extraObjects[0].stringData.password
+        value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
+  - name: tailscale-operator
+    namespace: tailscale
+    createNamespace: true
+    chart: tailscale/tailscale-operator
+    values:
+      - ../tailscale/values.yaml
+    setString:
+      - name: oauth.clientId
+        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }}
+      - name: oauth.clientSecret
+        value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }}
+
+  # storage infrastructure
+  - name: rook-ceph
+    namespace: rook-ceph
+    createNamespace: true
+    chart: rook-release/rook-ceph
+    values:
+      - ../rook-ceph/values.yaml
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
+    createNamespace: true
+    chart: rook-release/rook-ceph-cluster
+    values:
+      - ../rook-ceph-cluster/values.yaml
+    set:
+      - name: operatorNamespace
+        value: rook-ceph 

helmfile.d/02-datastore.yaml

@@ -0,0 +1,46 @@
+repositories:
+  - name: crunchydata
+    url: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
+  - name: bitnami
+    url: https://charts.bitnami.com/bitnami
+  - name: k8up-io
+    url: https://k8up-io.github.io/k8up
+
+releases:
+  # data storage
+  - name: pgo
+    namespace: postgres-operator
+    createNamespace: true
+    chart: crunchydata/pgo
+    values:
+      - ../postgres/operator-values.yaml
+  - name: postgres
+    namespace: datastore
+    createNamespace: true
+    chart: crunchydata/postgrescluster
+    values:
+      - ../postgres/values.yaml
+    setString:
+      - name: pgBackRestConfig.global.repo1-s3-key
+        value: '{{ requiredEnv "HETZNER_S3_ACCESS_KEY" }}'
+      - name: pgBackRestConfig.global.repo1-s3-key-secret
+        value: '{{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }}'
+      - name: pgBackRestConfig.global.repo1-cipher-pass
+        value: '{{ requiredEnv "PG_BACKREST_PASSWORD" }}'
+  - name: mariadb
+    namespace: datastore
+    createNamespace: true
+    chart: bitnami/mariadb
+    values:
+      - ../mariadb/values.yaml
+    setString:
+      - name: auth.rootPassword
+        value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
+
+  # backup infrastructure
+  - name: k8up
+    namespace: k8up
+    createNamespace: true
+    chart: k8up-io/k8up
+    values:
+      - ../k8up/values.yaml 

helmfile.d/03-apps.yaml

@@ -0,0 +1,110 @@
+repositories:
+  - name: ananace-charts
+    url: https://ananace.gitlab.io/charts
+  - name: bitnami
+    url: https://charts.bitnami.com/bitnami
+  - name: immich
+    url: https://immich-app.github.io/immich-charts
+  - name: gitea
+    url: https://dl.gitea.io/charts
+  - name: static-site
+    url: git+https://github.com/cfpb/static-site@charts?ref=main
+  - name: incngrnt
+    url: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
+releases:
+  # goatchat matrix
+  - name: goatchat
+    namespace: goatchat
+    createNamespace: true
+    chart: ananace-charts/matrix-synapse
+    values:
+      - ../synapse/values.yaml
+    setString:
+      - name: config.macaroonSecretKey
+        value: {{ requiredEnv "GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY" }}
+      - name: config.registrationSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET" }}
+      - name: extraConfig.email.smtp_pass
+        value: {{ requiredEnv "GOATCHAT_SMTP_PASSWORD" }}
+  - name: gate
+    namespace: goatchat
+    createNamespace: true
+    chart: incngrnt/matrix-registration
+    values:
+      - ../matrix-registration/values.yaml
+    setString:
+      - name: registrationSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET"}}
+      - name: adminApiSharedSecret
+        value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}}
+
+  - name: immich
+    namespace: immich
+    createNamespace: true
+    chart: immich/immich
+    values:
+      - ../immich/values.yaml.gotmpl
+      
+  # website
+  - name: incngrnt-web
+    namespace: incngrnt-web
+    createNamespace: true
+    chart: static-site/static-site
+    values:
+      - ../incngrnt-web/values.yaml
+  # ghost blogs
+  - name: kgnot-ghost
+    namespace: ghost
+    createNamespace: true
+    chart: bitnami/ghost
+    values:
+      - ../kgnot/values.yaml
+    setString:
+      - name: ghostUsername
+        value: {{ requiredEnv "KGNOT_GHOST_USER_NAME" }}
+  - name: ghost-53ll
+    namespace: ghost
+    createNamespace: true
+    chart: bitnami/ghost
+    values:
+      - ../53ll/values.yaml
+    setString:
+      - name: ghostUsername
+        value: {{ requiredEnv "GHOST_53LL_USER_NAME" }}
+
+  # dev tools
+  - name: gitea
+    namespace: gitea
+    createNamespace: true
+    chart: gitea/gitea
+    values:
+      - ../gitea/values.yaml
+    setString:
+      - name: gitea.admin.password
+        value: {{ requiredEnv "GITEA_ADMIN_PASSWORD" }}
+
+  # backups
+  - name: ghost-backup
+    namespace: ghost
+    chart: incngrnt/k8up-backup
+    createNamespace: true    
+    values:
+      - ../k8up-backup/values.yaml.gotmpl
+  - name: goatchat-backup
+    namespace: goatchat
+    chart: incngrnt/k8up-backup
+    createNamespace: true    
+    values:
+      - ../k8up-backup/values.yaml.gotmpl
+  - name: gitea-backup
+    namespace: gitea
+    chart: incngrnt/k8up-backup
+    createNamespace: true    
+    values:
+      - ../k8up-backup/values.yaml.gotmpl 
+  - name: immich-backup
+    namespace: immich
+    chart: incngrnt/k8up-backup
+    createNamespace: true    
+    values:
+      - ../k8up-backup/values.yaml.gotmpl  

helmfile.d/04-monitoring.yaml

@@ -0,0 +1,24 @@
+repositories:
+  - name: grafana
+    url: https://grafana.github.io/helm-charts
+  - name: prometheus-community
+    url: https://prometheus-community.github.io/helm-charts
+
+releases:
+  # monitoring
+  - name: grafana
+    namespace: grafana
+    createNamespace: true
+    chart: grafana/lgtm-distributed
+    values:
+      - ../grafana/values.yaml
+  - name: alloy
+    namespace: grafana
+    createNamespace: true
+    chart: grafana/alloy
+    values:
+      - ../grafana/alloy_values.yaml
+  - name: kube-state-metrics
+    namespace: grafana
+    createNamespace: true
+    chart: prometheus-community/kube-state-metrics