repositories: - name: rook-release url: https://charts.rook.io/release # - name: metallb # url: https://metallb.github.io/metallb - name: traefik url: https://traefik.github.io/charts - name: ananace-charts url: https://ananace.gitlab.io/charts - name: bitnami url: https://charts.bitnami.com/bitnami - name: crunchydata url: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main - name: immich url: https://immich-app.github.io/immich-charts - name: k8up-io url: https://k8up-io.github.io/k8up - name: tailscale url: https://pkgs.tailscale.com/helmcharts - name: gitea url: https://dl.gitea.io/charts - name: grafana url: https://grafana.github.io/helm-charts - name: prometheus-community url: https://prometheus-community.github.io/helm-charts - name: static-site url: git+https://github.com/cfpb/static-site@charts?ref=main releases: # networking - name: metallb namespace: metallb-system createNamespace: true chart: ./metallb - name: traefik namespace: traefik createNamespace: true chart: traefik/traefik values: - ./traefik/values.yaml setString: - name: certificatesResolvers.letsencrypt.acme.email value: {{ requiredEnv "ACME_EMAIL" }} - name: extraObjects[0].stringData.password value: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }} - name: tailscale-operator namespace: tailscale createNamespace: true chart: tailscale/tailscale-operator setString: - name: oauth.clientId value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_ID" }} - name: oauth.clientSecret value: {{ requiredEnv "TAILSCALE_OAUTH_CLIENT_SECRET" }} - name: apiServerProxyConfig.mode value: noauth # storage infrastructure - name: rook-ceph namespace: rook-ceph createNamespace: true chart: rook-release/rook-ceph values: - ./rook-ceph/values.yaml - name: rook-ceph-cluster namespace: rook-ceph createNamespace: true chart: rook-release/rook-ceph-cluster values: - ./rook-ceph-cluster/values.yaml set: - name: operatorNamespace value: rook-ceph # data storage - name: pgo namespace: postgres-operator createNamespace: true chart: crunchydata/pgo values: - ./postgres/operator-values.yaml - name: postgres namespace: datastore createNamespace: true chart: crunchydata/postgrescluster values: - postgres/values.yaml - name: mariadb namespace: datastore createNamespace: true chart: bitnami/mariadb values: - mariadb/values.yaml setString: - name: auth.rootPassword value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }} # monitoring - name: grafana namespace: grafana createNamespace: true chart: grafana/grafana values: - grafana/grafana_values.yaml setString: - name: adminPassword value: VYHEKk0Q9KfqQ3UpTx8oc4InrXlUQivUuEeGU8LJ - name: prometheus namespace: grafana createNamespace: true chart: prometheus-community/prometheus values: - grafana/prometheus_values.yaml - name: loki namespace: grafana createNamespace: true chart: grafana/loki values: - grafana/loki_values.yaml - name: alloy namespace: grafana createNamespace: true chart: grafana/alloy values: - grafana/alloy_values.yaml # goatchat matrix - name: goatchat namespace: goatchat createNamespace: true chart: ananace-charts/matrix-synapse values: - ./synapse/values.yaml setString: - name: config.macaroonSecretKey value: {{ requiredEnv "GOATCHAT_SYNAPSE_MACAROON_SECRET_KEY" }} - name: config.registrationSharedSecret value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET" }} - name: extraConfig.email.smtp_pass value: {{ requiredEnv "GOATCHAT_SMTP_PASSWORD" }} - name: gate namespace: goatchat createNamespace: true chart: ./matrix-registration values: - ./matrix-registration/values-overrides.yaml setString: - name: registrationSharedSecret value: {{ requiredEnv "GOATCHAT_REGISTRATION_SHARED_SECRET"}} - name: adminApiSharedSecret value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}} - name: immich namespace: immich createNamespace: true chart: immich/immich values: - immich/values.yaml.gotmpl # website - name: incngrnt-web namespace: incngrnt-web createNamespace: true chart: static-site/static-site values: - incngrnt-web/values.yaml # ghost blogs - name: kgnot-ghost namespace: ghost createNamespace: true chart: bitnami/ghost values: - ./kgnot/values.yaml setString: - name: ghostUsername value: {{ requiredEnv "KGNOT_GHOST_USER_NAME" }} - name: ghost-53ll namespace: ghost createNamespace: true chart: bitnami/ghost values: - ./53ll/values.yaml setString: - name: ghostUsername value: {{ requiredEnv "GHOST_53LL_USER_NAME" }} # dev tools - name: gitea namespace: gitea createNamespace: true chart: gitea/gitea values: - ./gitea/values.yaml setString: - name: gitea.admin.password value: {{ requiredEnv "GITEA_ADMIN_PASSWORD" }} # backup - name: k8up namespace: k8up createNamespace: true chart: k8up-io/k8up # backups - name: k8up-backup namespace: ghost chart: ./k8up-backup createNamespace: true values: - ./k8up-backup/values_override.yaml setString: - name: credentials.id value: {{ requiredEnv "HETZNER_S3_ACCESS_KEY" }} - name: credentials.key value: {{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }} - name: repoPassword value: {{ requiredEnv "k8UP_REPO_PASSWORD" }} - name: goatchat-backup namespace: goatchat chart: ./k8up-backup createNamespace: true values: - ./k8up-backup/values_override.yaml setString: - name: credentials.id value: {{ requiredEnv "HETZNER_S3_ACCESS_KEY" }} - name: credentials.key value: {{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }} - name: repoPassword value: {{ requiredEnv "k8UP_REPO_PASSWORD" }} - name: gitea-backup namespace: gitea chart: ./k8up-backup createNamespace: true values: - ./k8up-backup/values_override.yaml setString: - name: credentials.id value: {{ requiredEnv "HETZNER_S3_ACCESS_KEY" }} - name: credentials.key value: {{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }} - name: repoPassword value: {{ requiredEnv "k8UP_REPO_PASSWORD" }}