Shitty IaC

*: reverse proxy some internal services, auto redirect traefik to tls always

Gee Sawra e1fc86c9 255673fc

+243 -94
+56 -50
ansible/2_services.yml
··· 4 4 become: false 5 5 tags: k8s 6 6 tasks: 7 - - name: Add NFS provisioner Helm repo 8 - kubernetes.core.helm_repository: 9 - name: nfs-subdir-external-provisioner 10 - repo_url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ 7 + - name: Add NFS provisioner Helm repo 8 + kubernetes.core.helm_repository: 9 + name: nfs-subdir-external-provisioner 10 + repo_url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ 11 11 12 - - name: Deploy NFS provisioner 13 - kubernetes.core.helm: 14 - name: nfs-provisioner 15 - chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner 16 - release_namespace: kube-system 17 - create_namespace: true 18 - values: 19 - nfs: 20 - server: "{{ nas_ip }}" 21 - path: "{{ nas_path }}" 22 - storageClass: 23 - name: nfs-client 24 - defaultClass: false 12 + - name: Deploy NFS provisioner 13 + kubernetes.core.helm: 14 + name: nfs-provisioner 15 + chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner 16 + release_namespace: kube-system 17 + create_namespace: true 18 + values: 19 + nfs: 20 + server: "{{ nas_ip }}" 21 + path: "{{ nas_path }}" 22 + storageClass: 23 + name: nfs-client 24 + defaultClass: false 25 25 26 - - name: Deploy Home Assistant stable 27 - tags: ha 28 - kubernetes.core.k8s: 29 - state: present 30 - src: k8s/ha.yml 26 + - name: Deploy Home Assistant stable 27 + tags: ha 28 + kubernetes.core.k8s: 29 + state: present 30 + src: k8s/ha.yml 31 31 32 - - name: Deploy Transmission for my torrents 33 - tags: transmission 34 - kubernetes.core.k8s: 35 - state: present 36 - src: k8s/transmission.yml 32 + - name: Deploy Transmission for my torrents 33 + tags: transmission 34 + kubernetes.core.k8s: 35 + state: present 36 + src: k8s/transmission.yml 37 37 38 - - name: Deploy Transmission for other's torrents 39 - tags: transmission-others,transmission 40 - kubernetes.core.k8s: 41 - state: present 42 - src: k8s/transmission_others.yml 38 + - name: Deploy Transmission for 
other's torrents 39 + tags: transmission-others,transmission 40 + kubernetes.core.k8s: 41 + state: present 42 + src: k8s/transmission_others.yml 43 + 44 + - name: Deploy postgres operator 45 + tags: postgres 46 + kubernetes.core.k8s: 47 + state: present 48 + src: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.0.yaml 43 49 44 - - name: Deploy postgres operator 45 - tags: postgres 46 - kubernetes.core.k8s: 47 - state: present 48 - src: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.0.yaml 50 + - name: Deploy Immich dependencies 51 + tags: immich 52 + kubernetes.core.k8s: 53 + state: present 54 + src: k8s/immich.yml 49 55 50 - - name: Deploy Immich dependencies 51 - tags: immich 52 - kubernetes.core.k8s: 53 - state: present 54 - src: k8s/immich.yml 56 + - name: Deploy Immich through Helm 57 + tags: immich 58 + kubernetes.core.helm: 59 + name: immich 60 + chart_ref: oci://ghcr.io/immich-app/immich-charts/immich 61 + release_namespace: immich 62 + values_files: 63 + - k8s/immich_values.yml 55 64 56 - - name: Deploy Immich through Helm 57 - tags: immich 58 - kubernetes.core.helm: 59 - name: immich 60 - chart_ref: oci://ghcr.io/immich-app/immich-charts/immich 61 - release_namespace: immich 62 - values_files: 63 - - k8s/immich_values.yml 65 + - name: Deploy reverse proxied services 66 + tags: reverse-proxy 67 + kubernetes.core.k8s: 68 + state: present 69 + src: k8s/reverse-proxy.yml
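Review bot: `Deploy postgres operator` applies a manifest fetched at run time from `raw.githubusercontent.com` under the `release-1.28` branch path with no integrity check, and the `kubernetes.core.helm` tasks for `nfs-provisioner` and `immich` set no `chart_version`, so two runs of the same playbook can install different code into the cluster. This commit only re-indents those tasks (the leading whitespace is not visible on this page), but they are still part of the new file and install cluster-level components. I would vendor the operator manifest next to `k8s/immich.yml`, or download it with `ansible.builtin.get_url` and a `checksum:` before applying it. I would also add `chart_version: "<pinned chart version>"` to both Helm tasks. The new `Deploy reverse proxied services` task follows the same shape as its neighbours and needs no change.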
+128
ansible/k8s/reverse-proxy.yml
··· 1 + apiVersion: v1 2 + kind: Namespace 3 + metadata: 4 + name: reverse-proxy 5 + --- 6 + apiVersion: v1 7 + kind: Service 8 + metadata: 9 + name: truenas 10 + namespace: reverse-proxy 11 + spec: 12 + ports: 13 + - port: 80 14 + targetPort: 80 15 + --- 16 + apiVersion: v1 17 + kind: Endpoints 18 + metadata: 19 + name: truenas 20 + namespace: reverse-proxy 21 + subsets: 22 + - addresses: 23 + - ip: 192.168.1.155 24 + ports: 25 + - port: 80 26 + --- 27 + apiVersion: v1 28 + kind: Service 29 + metadata: 30 + name: zerobyte 31 + namespace: reverse-proxy 32 + spec: 33 + ports: 34 + - port: 30314 35 + targetPort: 30314 36 + --- 37 + apiVersion: v1 38 + kind: Endpoints 39 + metadata: 40 + name: zerobyte 41 + namespace: reverse-proxy 42 + subsets: 43 + - addresses: 44 + - ip: 192.168.1.155 45 + ports: 46 + - port: 30314 47 + --- 48 + apiVersion: v1 49 + kind: Service 50 + metadata: 51 + name: almalinux-webui 52 + namespace: reverse-proxy 53 + spec: 54 + ports: 55 + - port: 9090 56 + targetPort: 9090 57 + --- 58 + apiVersion: v1 59 + kind: Endpoints 60 + metadata: 61 + name: almalinux-webui 62 + namespace: reverse-proxy 63 + subsets: 64 + - addresses: 65 + - ip: 192.168.1.242 66 + ports: 67 + - port: 9090 68 + --- 69 + apiVersion: traefik.io/v1alpha1 70 + kind: ServersTransport 71 + metadata: 72 + name: insecure-skip-verify 73 + namespace: reverse-proxy 74 + spec: 75 + insecureSkipVerify: true 76 + --- 77 + apiVersion: traefik.io/v1alpha1 78 + kind: IngressRoute 79 + metadata: 80 + name: truenas 81 + namespace: reverse-proxy 82 + spec: 83 + entryPoints: 84 + - websecure 85 + routes: 86 + - match: Host(`truenas.clorofilla.casa`) 87 + kind: Rule 88 + services: 89 + - name: truenas 90 + port: 80 91 + tls: 92 + certResolver: default 93 + --- 94 + apiVersion: traefik.io/v1alpha1 95 + kind: IngressRoute 96 + metadata: 97 + name: zerobyte 98 + namespace: reverse-proxy 99 + spec: 100 + entryPoints: 101 + - websecure 102 + routes: 103 + - match: Host(`backups.clorofilla.casa`) 
104 + kind: Rule 105 + services: 106 + - name: zerobyte 107 + port: 30314 108 + tls: 109 + certResolver: default 110 + --- 111 + apiVersion: traefik.io/v1alpha1 112 + kind: IngressRoute 113 + metadata: 114 + name: almalinux-webui 115 + namespace: reverse-proxy 116 + spec: 117 + entryPoints: 118 + - websecure 119 + routes: 120 + - match: Host(`almalinux.clorofilla.casa`) 121 + kind: Rule 122 + services: 123 + - name: almalinux-webui 124 + port: 9090 125 + scheme: https 126 + serversTransport: insecure-skip-verify 127 + tls: 128 + certResolver: default
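Review bot: The `insecure-skip-verify` ServersTransport sets `insecureSkipVerify: true`, so Traefik accepts any certificate presented on `192.168.1.242:9090`, and the `almalinux-webui` route encrypts traffic to the backend without authenticating it. Prefer trusting that host's certificate explicitly, for example `serverName: <name on the backend certificate>` together with `rootCAsSecrets: [<secret holding its CA>]`, in place of the skip-verify flag. The `truenas` and `zerobyte` services are proxied to ports 80 and 30314 with no `scheme: https`, so logins to those consoles cross the LAN unencrypted between Traefik and `192.168.1.155`. None of the three IngressRoutes carries a `middlewares:` entry; if these hostnames resolve outside the home network (not visible here), an allowlist or forward-auth middleware in front of the admin consoles is worth adding.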
+59 -44
ansible/k8s/traefik_porkbun.yml
··· 1 1 apiVersion: helm.cattle.io/v1 2 2 kind: HelmChartConfig 3 3 metadata: 4 - name: traefik 5 - namespace: kube-system 4 + name: traefik 5 + namespace: kube-system 6 6 spec: 7 - valuesContent: |- 8 - ports: 9 - torrent-tcp: 10 - port: 51413 11 - expose: true 12 - exposedPort: 51413 13 - protocol: TCP 14 - torrent-udp: 15 - port: 51413 16 - expose: true 17 - exposedPort: 51413 18 - protocol: UDP 19 - additionalArguments: 20 - - "--certificatesresolvers.default.acme.email=hello@geesawra.industries" 21 - - "--certificatesresolvers.default.acme.storage=/data/acme.json" 22 - - "--certificatesresolvers.default.acme.dnschallenge=true" 23 - - "--certificatesresolvers.default.acme.dnschallenge.provider=porkbun" 24 - - "--certificatesresolvers.default.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53" 25 - env: 26 - - name: PORKBUN_API_KEY 27 - valueFrom: 28 - secretKeyRef: 29 - name: porkbun-api-credentials 30 - key: api-key 31 - - name: PORKBUN_SECRET_API_KEY 32 - valueFrom: 33 - secretKeyRef: 34 - name: porkbun-api-credentials 35 - key: secret-api-key 7 + valuesContent: |- 8 + entryPoints: 9 + web: 10 + address: :80 11 + http: 12 + redirections: 13 + entryPoint: 14 + to: websecure 15 + scheme: https 16 + ports: 17 + web: 18 + redirectTo: 19 + port: websecure 20 + priority: 10 21 + websecure: 22 + tls: 23 + enabled: true 24 + torrent-tcp: 25 + port: 51413 26 + expose: true 27 + exposedPort: 51413 28 + protocol: TCP 29 + torrent-udp: 30 + port: 51413 31 + expose: true 32 + exposedPort: 51413 33 + protocol: UDP 34 + additionalArguments: 35 + - "--certificatesresolvers.default.acme.email=hello@geesawra.industries" 36 + - "--certificatesresolvers.default.acme.storage=/data/acme.json" 37 + - "--certificatesresolvers.default.acme.dnschallenge=true" 38 + - "--certificatesresolvers.default.acme.dnschallenge.provider=porkbun" 39 + - "--certificatesresolvers.default.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53" 40 + env: 41 + - name: PORKBUN_API_KEY 42 + valueFrom: 43 + 
secretKeyRef: 44 + name: porkbun-api-credentials 45 + key: api-key 46 + - name: PORKBUN_SECRET_API_KEY 47 + valueFrom: 48 + secretKeyRef: 49 + name: porkbun-api-credentials 50 + key: secret-api-key 36 51 --- 37 52 apiVersion: v1 38 53 kind: ConfigMap 39 54 metadata: 40 - name: traefik-config 41 - namespace: kube-system 55 + name: traefik-config 56 + namespace: kube-system 42 57 data: 43 - traefik.yaml: | 44 - entryPoints: 45 - web: 46 - address: ":80" 47 - http: 48 - redirections: 49 - entryPoint: 50 - to: websecure 51 - scheme: https 52 - websecure: 53 - address: ":443" 58 + traefik.yaml: | 59 + entryPoints: 60 + web: 61 + address: ":80" 62 + http: 63 + redirections: 64 + entryPoint: 65 + to: websecure 66 + scheme: https 67 + websecure: 68 + address: ":443"
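Review bot: The HTTP-to-HTTPS redirect is now declared in three places, and nothing visible shows which one Traefik actually reads: an `entryPoints:` key that appears to sit at the top of `valuesContent`, `ports.web.redirectTo`, and the `traefik-config` ConfigMap. A top-level `entryPoints:` key is static-configuration syntax rather than a value I would expect the Helm chart to consume, the accepted shape of `ports.web.redirectTo` has changed between chart releases, and no mount of the ConfigMap appears in this file, so the redirect may rest on one key or on none. Keep the single form that matches the chart version bundled with the cluster, delete the others, and add a comment such as `# HTTP->HTTPS redirect: ports.web.redirectTo, verified against chart <version>`. Also quote the new `address: :80` as `address: ":80"` to match the ConfigMap copy. Nesting cannot be checked on this page because leading whitespace is lost.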