Skip to content

Commit

Permalink
Initial commit for Talos 🚀
Browse files Browse the repository at this point in the history
  • Loading branch information
@tuxpeople
tuxpeople committed Jun 10, 2024
1 parent ebce537 commit 1ecf989
Show file tree
Hide file tree
Showing 335 changed files with 9,919 additions and 27 deletions.
12 changes: 12 additions & 0 deletions .sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
creation_rules:
- # IMPORTANT: This rule MUST be above the others
path_regex: talos/.*\.sops\.ya?ml
key_groups:
- age:
- "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w"
- path_regex: kubernetes/.*\.sops\.ya?ml
encrypted_regex: "^(data|stringData)$"
key_groups:
- age:
- "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w"
2 changes: 1 addition & 1 deletion Taskfile.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@ includes:
optional: true

tasks:

default: task --list

init:
Expand All @@ -58,6 +57,7 @@ tasks:
- task: .template
- task: sops:encrypt
- task: .validate
- cmd: bash {{.ROOT_DIR}}/scripts/rebuild-kustomizations.sh

.template:
internal: true
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: cert-manager
version: v1.14.5
version: v1.15.0
sourceRef:
kind: HelmRepository
name: jetstack
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -36,7 +36,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
resources:
- apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -35,7 +35,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: reloader
version: 1.0.101
version: 1.0.105
sourceRef:
kind: HelmRepository
name: stakater
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ spec:
app:
image:
repository: docker.io/cloudflare/cloudflared
tag: 2024.5.0
tag: 2024.6.0
env:
NO_AUTOUPDATE: true
TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
6 changes: 3 additions & 3 deletions bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -37,7 +37,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand All @@ -59,7 +59,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/flux/apps.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
decryption:
provider: sops
secretRef:
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-kubernetes
name: k8s-homelab
namespace: flux-system
spec:
interval: 30m
Expand Down Expand Up @@ -31,7 +31,7 @@ spec:
wait: false
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
decryption:
provider: sops
secretRef:
Expand Down
30 changes: 30 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
spec:
interval: 30m
chart:
spec:
chart: cert-manager
version: v1.15.0
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
installCRDs: true
dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
dns01RecursiveNameserversOnly: true
prometheus:
enabled: true
servicemonitor:
enabled: true
5 changes: 5 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
41 changes: 41 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: "${SECRET_ACME_EMAIL}"
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cert-manager-secret
key: api-token
selector:
dnsZones:
- "${SECRET_DOMAIN}"
- "${SECRET_CH_DOMAIN}"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: "${SECRET_ACME_EMAIL}"
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cert-manager-secret
key: api-token
selector:
dnsZones:
- "${SECRET_DOMAIN}"
- "${SECRET_CH_DOMAIN}"
6 changes: 6 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./issuers.yaml
26 changes: 26 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
apiVersion: v1
kind: Secret
metadata:
name: cert-manager-secret
stringData:
api-token: ENC[AES256_GCM,data:F7C2CGVxyxT2aMKrmqW8DzRXMRXfj6ccg9z3jNG7hv/TJTjdipcKHg==,iv:ZeCw+YvvEi/OS4Eh11fttWWqmQw2dyia+8acraizYhw=,tag:46W7pIm9DBCG7h0Dsohm8w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSVdkV2xtQjVueHN6anpE
WTNTVE16eFpyS1NHYjNSUzZSY0IrT1c5ZWs4Cm5ib0I0VWpYTlp2cyt6L1ErVXBG
Wjh3dGIvelErTGtmUmc4YVpRc2dQaGsKLS0tIDFFYmtnelZjcm5nSzZiU2lLSDk3
Y25wYWptbXV3aTczYVp6Zjd1dnp3YVUKdLZiofuhJoGueozdKTc5PkSwzPfQLllp
eA1ghGvyH2ux+RAobqDwFyD+JXXJ5aPNVTSc1C1dV0WI4QmzAwXi0Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T09:08:40Z"
mac: ENC[AES256_GCM,data:M26XTz4ljTD3j9ojYiwPMMoDTWTeryJr5+g7UUvKgelYjVc/Aglb5TplwOfTS561crGGcDo2gRHJ9EsiCRlx0kMh/u7d09FeQLsEy1xrfqueELPczlhXVe1BjryqB34vNfO6QlCjD6QeITzPyRIrCIzjRykYbEQlVgW4ml99TR4=,iv:dqpyvLv7e+aBLvg6B01t0Y6iPxTDk7++z1DLhRr5x9s=,tag:Cq43iF3TWOZtubDb7ZJTSQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
Loading

0 comments on commit 1ecf989

Please sign in to comment.