snoopy82481 · snoopy82481 · Oct 6, 2022 · Oct 4, 2022 · Oct 4, 2022 · Oct 4, 2022
@@ -16,8 +16,10 @@
   "editor.guides.bracketPairs":"active",
   "cSpell.enabled": false,
   "yaml.schemas": {
-    "Kubernetes": "k8s/**/*.yaml",
-    "recyclarr": "https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/config-schema.json"
+    "https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/config-schema.json": "recyclarr.yaml",
+    "https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/settings-schema.json": "settings.yaml",
+    "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.2-standalone/all.json": "k8s/**/*.yaml",
+    "recyclarr": "https://raw.githubusercontent.com/recyclarr/recyclarr/master/schemas/config-schema.json",
   },
   "material-icon-theme.folders.associations": {
     ".taskfiles": "utils",
@@ -44,12 +46,20 @@
     "cluster-betty",
     "cluster-talos",
     "cluster-global",
+    "flux",
+    "monitoring",
+    "postgres",
     "cilium",
     "kured",
     "metrics-server",
     "reloader",
     "sealed-secrets",
-    "qbittorrent",
+    "alertmanager",
+    "grafana",
+    "kps",
+    "loki",
+    "thanos",
+    "vector",
     "cert-manager",
     "external-dns",
     "ingress-nginx",
@@ -58,7 +68,6 @@
     "origin-ca-issuer",
     "rook-ceph",
     "qbittorrent",
-    "flux",
     "bazarr",
     "overseer",
     "prowlarr",
@@ -71,8 +80,6 @@
     "sonarranime",
     "tautulli",
     "nzbget",
-    "static",
-    "blackbox",
     "vpn-gateway",
     "hajimari",
     "theme-park"

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: cloudnative-pg
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://cloudnative-pg.github.io/charts
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: grafana
+  namespace: flux-system
+spec:
+  interval: 30m
+  url: https://grafana.github.io/helm-charts
+  timeout: 3m
@@ -2,16 +2,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - bitnami-charts.yaml
   - cilium-charts.yaml
+  - cloudnative-pg-charts.yaml
   - external-dns-charts.yaml
+  - grafana-charts.yaml
   - ingress-nginx-charts.yaml
   - jetstack-charts.yaml
   - k8s-gateway-charts.yaml
+  - kubereboot-charts.yaml
   - metallb-charts.yaml
   - metrics-server-charts.yaml
   - prometheus-community-charts.yaml
   - rook-ceph-charts.yaml
-  - stakater-charts.yaml
   - sealed-secrets-charts.yaml
-  - bitnami-charts.yaml
-  - kubereboot-charts.yaml
+  - stakater-charts.yaml
+  - vector-charts.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: vector
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://helm.vector.dev
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: databases
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
@@ -0,0 +1,16 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres
+  namespace: databases
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  storage:
+    size: 10Gi
+    storageClass: ceph-block
+  superuserSecret:
+    name: postgres-superuser
+  monitoring:
+    enablePodMonitor: true
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: postgres
+  namespace: databases
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: cloudnative-pg
+      version: 0.15.0
+      sourceRef:
+        kind: HelmRepository
+        name: cloudnative-pg
+        namespace: flux-system
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: 10m
+    recreate: true
+    cleanupOnFail: true
+  values:
+    crds:
+      create: false
@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - secret.sops.yaml
+  - helm-release.yaml
+  - cluster.yaml
+configMapGenerator:
+  - name: cloudnative-pg-dashboard
+    files:
+      - cloudnative-pg-dashboard.json=https://raw.githubusercontent.com/cloudnative-pg/charts/main/charts/cnpg-sandbox/dashboard.json
+generatorOptions:
+  disableNameSuffixHash: true
+  annotations:
+    kustomize.toolkit.fluxcd.io/substitute: disabled
+  labels:
+    grafana_dashboard: "true"
@@ -0,0 +1,58 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: postgres-superuser
+    namespace: databases
+stringData:
+    username: ENC[AES256_GCM,data:FD8BSiM5fBts4Aw=,iv:Kq6646pYuvWxOv3PWATY3NMnkZhIA9/rMJugal/nDjE=,tag:XxmFZrnvQ/RUyWXQ/C2JQQ==,type:str]
+    password: ENC[AES256_GCM,data:UuNEPCydjrIMBe0=,iv:FQ/CxQq9Mt0bXkeGsB/7vxsrZ+olSFy/Rlt1T/l1kYE=,tag:+/ebf9ZjQ/npUsRjzE5h6g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1eynu35v0tpg9remal6zeecfeg9e84a2qxake027wwgdn02rdfcls7nyv8r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TENNN3V6MnVxSWlBRmVz
+            ekNaRjZ3MlJXVk1oZ2pZWExYYVlLM0oveDJnCklpYnVTWUQwZHJHNDR2S3U3MEQ0
+            WWg4SGZWK2IrQ1FyeFk5Qmd4clc3L00KLS0tIGlvWTRLMjVjVTFlTlREVm5SRUJG
+            Z1R3RFV5bER5Q0VBb3RnK0diNXpNcVkK3U21Y5GWvnmPA8hxi8Us7TkNGsCYAvlD
+            QmY8mT6ApdiczqVo1DgFmKDSMIYNGL2wlyyriu9MLCU8a9tGxmj47g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-10-04T21:03:20Z"
+    mac: ENC[AES256_GCM,data:iAgS0g0u73yTGjLl4OyQsuoqYYe5CE9Ad1QQ0+HYRiBS7+GEy2A5DhqwlYJuJlVTz1fdAmWq/O/3pJkNyPqOU3o/tIAuyQTwpw4tLqqJ0Dut3LnyjzzMV7lE5cMODmNfx+WhpcjKRAC2iCT50bDskEc6k4FGexfi0fs0wkUPbEw=,iv:zOLY8Xi0f+PY+6EX8vM8gc/HxOw5cRzdSa2OAzqolsM=,tag:oxeflPdBwjfmmM7viFO1FQ==,type:str]
+    pgp: []
+    encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData))
+    version: 3.7.3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: grafana
+    namespace: databases
+stringData:
+    GF_DATABASE_USER: ENC[AES256_GCM,data:41KaDmtK5BkuTh0=,iv:dTL9A5UvgvTYvUSmNpBiuPnKRIumFz0uRYCMWRBcdRM=,tag:ZVjBTuvRzQMkEXjhYOfsTw==,type:str]
+    GF_DATABASE_PASSWORD: ENC[AES256_GCM,data:1lVcej/PghZeSKg=,iv:Sbu7yX8y/pSHucdUetVeiIohcCyrkBox4EPO37GJfBo=,tag:eNixQE4plTppva+hoZJXeQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1eynu35v0tpg9remal6zeecfeg9e84a2qxake027wwgdn02rdfcls7nyv8r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TENNN3V6MnVxSWlBRmVz
+            ekNaRjZ3MlJXVk1oZ2pZWExYYVlLM0oveDJnCklpYnVTWUQwZHJHNDR2S3U3MEQ0
+            WWg4SGZWK2IrQ1FyeFk5Qmd4clc3L00KLS0tIGlvWTRLMjVjVTFlTlREVm5SRUJG
+            Z1R3RFV5bER5Q0VBb3RnK0diNXpNcVkK3U21Y5GWvnmPA8hxi8Us7TkNGsCYAvlD
+            QmY8mT6ApdiczqVo1DgFmKDSMIYNGL2wlyyriu9MLCU8a9tGxmj47g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-10-04T21:03:20Z"
+    mac: ENC[AES256_GCM,data:iAgS0g0u73yTGjLl4OyQsuoqYYe5CE9Ad1QQ0+HYRiBS7+GEy2A5DhqwlYJuJlVTz1fdAmWq/O/3pJkNyPqOU3o/tIAuyQTwpw4tLqqJ0Dut3LnyjzzMV7lE5cMODmNfx+WhpcjKRAC2iCT50bDskEc6k4FGexfi0fs0wkUPbEw=,iv:zOLY8Xi0f+PY+6EX8vM8gc/HxOw5cRzdSa2OAzqolsM=,tag:oxeflPdBwjfmmM7viFO1FQ==,type:str]
+    pgp: []
+    encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData))
+    version: 3.7.3
@@ -0,0 +1,49 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app alertmanager-discord
+  namespace: monitoring
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 0.2.2
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+      interval: 15m
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: 10m
+    recreate: true
+    cleanupOnFail: true
+  values:
+    global:
+      nameOverride: *app
+    image:
+      repository: benjojo/alertmanager-discord
+      tag: latest
+    service:
+      main:
+        ports:
+          http:
+            port: 9094
+    resources:
+      requests:
+        cpu: 20m
+        memory: 100Mi
+    envFrom:
+      - secretRef:
+          name: alertmanager-discord-secret
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - secret.sops.yaml
@@ -0,0 +1,31 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: alertmanager-discord-secret
+    namespace: monitoring
+    labels:
+        app.kubernetes.io/name: alertmanager-discord
+type: Opaque
+stringData:
+    DISCORD_WEBHOOK: ENC[AES256_GCM,data:X4wSVMjNcBzHamUy4gDDwdBlwHf+9zBm0u8TBryEHIU39w7k9PW8kDlQC6Cn5EInm85zkDydP5PNTp8z6f1ypJhAwEKcGu7daODXXpHi0UoWqYcVIkuxoxUgajAO8nNxERQ+iUavLduH1QHDJ67fgyuy6iJyUteTaQ==,iv:u89wssUCEltfsSDRIQa64dtphs16NO19ZZOvCQozhA4=,tag:oimjzmsZWO2ukAsVxXPRzA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1eynu35v0tpg9remal6zeecfeg9e84a2qxake027wwgdn02rdfcls7nyv8r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMFI2WVlGOWhhdHdaNlkr
+            MFVPczFFcmJ6TDBtNDNiWFQxcGpEY3o4Z2owCnlRcW1qZUVQb2pzWEx2b3dpZDd4
+            ZUVpb1orWXQ0ZkMvV0wzS0F2djRSZDQKLS0tIHA2cEl0Q05qbU51RXh4SWprajhr
+            Z0hDTEgyeE94azhVSkVjb3NxS29Zc28K1tSWQXfEdMZX/HcitWShuTyaRD26VeHL
+            N4+LidD6V69SHblAiCIf2rbWWgemobiwbuIgGxE1VqLi3KWdKCEwQQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-10-06T19:20:52Z"
+    mac: ENC[AES256_GCM,data:09yhy8Yl95MPVSBVdh5MWohoOumOU5UV+DktKxqQG1VM1bwAd1gF70/Yh3ok2vcHKREb7sIzwzlMI0n+y1pI2bRXLJT7M0ru7LsJDJ+xs6vj8OXL2S88TE+FRUDlxali4XBLkY94DKmBrfIK3Uqc7rClOOHMv81eeodplQmi7Zw=,iv:Pv3Og4etVefQzxCCXn+QjWCBYxXOy9OHMKPPEL5Jtq8=,tag:1ypZQi7qYJN0AlSiGtOKKw==,type:str]
+    pgp: []
+    encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData))
+    version: 3.7.3