chore: Formatting

szinn · Jan 15, 2025 · a796a42 · a796a42
1 parent 2641b80
commit a796a42
Show file tree

Hide file tree

Showing 28 changed files with 117 additions and 82 deletions.
diff --git a/.taskfiles/Proxmox/Taskfile.yaml b/.taskfiles/Proxmox/Taskfile.yaml
@@ -18,37 +18,37 @@ tasks:
   start-staging:
     desc: Start staging cluster
     cmds:
-      - for: { var: ALL_VMS, split: " " }
+      - for: {var: ALL_VMS, split: " "}
         task: start-vm-{{.ITEM}}
 
   stop-staging:
     desc: Stop staging cluster
     cmds:
-      - for: { var: ALL_VMS, split: " " }
+      - for: {var: ALL_VMS, split: " "}
         task: stop-vm-{{.ITEM}}
 
   unmount-staging-cdrom:
     desc: Unmount staging cluster CD-ROM drives
     cmds:
-      - for: { var: ALL_VMS, split: " " }
+      - for: {var: ALL_VMS, split: " "}
         task: unmount-cdrom-{{.ITEM}}
 
   destroy-staging:
     desc: Destroy staging cluster
     cmds:
-      - for: { var: ALL_VMS, split: " " }
+      - for: {var: ALL_VMS, split: " "}
         task: destroy-vm-{{.ITEM}}
 
   create-staging:
     desc: Create staging cluster
     cmds:
-      - for: { var: CP_VMS, split: " " }
+      - for: {var: CP_VMS, split: " "}
         task: create-cp-vm-{{.ITEM}}
 
   wait-for-startup:
     internal: true
     cmds:
-      - for: { var: ALL_VMS, split: " " }
+      - for: {var: ALL_VMS, split: " "}
         task: wait-for-startup-{{.ITEM}}
 
   start-vm-*-*-*:

diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml
@@ -18,7 +18,7 @@ tasks:
   approve-certs:
     desc: Approve pending certs on startup
     cmds:
-      - for: { var: CERTS }
+      - for: {var: CERTS}
         cmd: kubectl --kubeconfig {{.KUBERNETES_DIR}}/{{.cluster}}/kubeconfig --context {{.cluster}} certificate approve {{.ITEM}}
     vars:
       CERTS:

diff --git a/.taskfiles/postgres/Taskfile.yaml b/.taskfiles/postgres/Taskfile.yaml
@@ -415,13 +415,13 @@ tasks:
     cmds:
       - flux --context main suspend helmrelease -n {{.NAMESPACE}} {{.HELMRELEASE}}
       - flux --context main suspend kustomization {{.KUSTOMIZATION}}
-      - for: { var: SERVICES }
+      - for: {var: SERVICES}
         cmd: kubectl --context main scale --replicas=0 -n {{.NAMESPACE}} {{.ITEM}}
 
   _up:
     desc: Bring a service up
     cmds:
-      - for: { var: SERVICES }
+      - for: {var: SERVICES}
         cmd: kubectl --context main  scale --replicas={{.REPLICAS}} -n {{.NAMESPACE}} {{.ITEM}}
       - flux --context main  resume helmrelease -n {{.NAMESPACE}} {{.HELMRELEASE}}
       - flux --context main  resume kustomization {{.KUSTOMIZATION}}

diff --git a/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml b/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml
@@ -15,7 +15,8 @@ spec:
           labels:
             severity: critical
           annotations:
-            description: "New certificates will not be able to be minted, and existing
+            description:
+              "New certificates will not be able to be minted, and existing
               ones can't be renewed until cert-manager is back."
             runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerabsent
             summary: "Cert Manager has dissapeared from Prometheus service discovery."
@@ -30,11 +31,13 @@ spec:
           labels:
             severity: warning
           annotations:
-            description: "The domain that this cert covers will be unavailable after
+            description:
+              "The domain that this cert covers will be unavailable after
               {{ $value | humanizeDuration }}. Clients using endpoints that this cert
               protects will start to fail in {{ $value | humanizeDuration }}."
             runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertexpirysoon
-            summary: "The cert {{ $labels.name }} is {{ $value | humanizeDuration }}
+            summary:
+              "The cert {{ $labels.name }} is {{ $value | humanizeDuration }}
               from expiry, it should have renewed over a week ago."
         - alert: CertManagerCertNotReady
           expr: |
@@ -44,7 +47,8 @@ spec:
           labels:
             severity: critical
           annotations:
-            description: "This certificate has not been ready to serve traffic for at least
+            description:
+              "This certificate has not been ready to serve traffic for at least
               10m. If the cert is being renewed or there is another valid cert, the ingress
               controller _may_ be able to serve that instead."
             runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertnotready
@@ -57,7 +61,8 @@ spec:
           labels:
             severity: critical
           annotations:
-            description: "Depending on the rate limit, cert-manager may be unable to generate
+            description:
+              "Depending on the rate limit, cert-manager may be unable to generate
               certificates for up to a week."
             runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerhittingratelimits
             summary: "Cert manager hitting LetsEncrypt rate limits."
diff --git a/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml b/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml
@@ -37,7 +37,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
             probes:
               liveness:
                 enabled: true

diff --git a/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml b/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml
@@ -66,7 +66,7 @@ spec:
             securityContext: &securityContext
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
             resources: &resources
               requests:
                 cpu: 10m
@@ -114,7 +114,7 @@ spec:
         runAsGroup: 999
         fsGroup: 999
         fsGroupChangePolicy: OnRootMismatch
-        seccompProfile: { type: RuntimeDefault }
+        seccompProfile: {type: RuntimeDefault}
     service:
       api:
         controller: onepassword-connect

diff --git a/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml b/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml
@@ -60,5 +60,17 @@ securityContext:
   privileged: true
   capabilities:
     ciliumAgent:
-      [CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
+      [
+        CHOWN,
+        KILL,
+        NET_ADMIN,
+        NET_RAW,
+        IPC_LOCK,
+        SYS_ADMIN,
+        SYS_RESOURCE,
+        DAC_OVERRIDE,
+        FOWNER,
+        SETGID,
+        SETUID
+      ]
     cleanCiliumState: [NET_ADMIN, SYS_ADMIN, SYS_RESOURCE]
diff --git a/kubernetes/main/apps/media/bazarr/app/helm-release.yaml b/kubernetes/main/apps/media/bazarr/app/helm-release.yaml
@@ -56,7 +56,7 @@ spec:
             securityContext: &securityContext
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
             resources:
               requests:
                 cpu: 10m
@@ -84,7 +84,7 @@ spec:
         runAsNonRoot: true
         fsGroup: 2000
         fsGroupChangePolicy: OnRootMismatch
-        seccompProfile: { type: RuntimeDefault }
+        seccompProfile: {type: RuntimeDefault}
     service:
       app:
         controller: bazarr

diff --git a/kubernetes/main/apps/media/lidarr/app/helm-release.yaml b/kubernetes/main/apps/media/lidarr/app/helm-release.yaml
@@ -34,7 +34,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
         fsGroupChangePolicy: OnRootMismatch
-        seccompProfile: { type: RuntimeDefault }
+        seccompProfile: {type: RuntimeDefault}
     controllers:
       lidarr:
         annotations:
@@ -80,7 +80,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
     service:
       app:
         controller: lidarr

diff --git a/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml b/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml
@@ -34,7 +34,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
         fsGroupChangePolicy: OnRootMismatch
-        seccompProfile: { type: RuntimeDefault }
+        seccompProfile: {type: RuntimeDefault}
     controllers:
       prowlarr:
         annotations:
@@ -80,7 +80,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
     service:
       app:
         controller: prowlarr

diff --git a/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml b/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml
@@ -92,7 +92,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
     service:
       app:
         controller: radarr-4k

diff --git a/kubernetes/main/apps/media/radarr/app/helm-release.yaml b/kubernetes/main/apps/media/radarr/app/helm-release.yaml
@@ -92,7 +92,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
     service:
       app:
         controller: radarr

diff --git a/kubernetes/main/apps/media/sonarr/app/helm-release.yaml b/kubernetes/main/apps/media/sonarr/app/helm-release.yaml
@@ -91,7 +91,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
     service:
       app:
         controller: sonarr

diff --git a/kubernetes/main/apps/observability/gatus/app/helm-release.yaml b/kubernetes/main/apps/observability/gatus/app/helm-release.yaml
@@ -80,12 +80,12 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
             resources: *resources
         pod:
           dnsConfig:
             options:
-              - { name: ndots, value: "1" }
+              - {name: ndots, value: "1"}
           securityContext:
             runAsUser: 2000
             runAsGroup: 2000

diff --git a/kubernetes/main/apps/observability/grafana/app/helm-release.yaml b/kubernetes/main/apps/observability/grafana/app/helm-release.yaml
@@ -444,7 +444,7 @@ spec:
           gnetId: 20204
           revision: 1
           datasource:
-            - { name: DS_PROMETHEUS, value: Prometheus }
+            - {name: DS_PROMETHEUS, value: Prometheus}
         node-feature-discovery:
           url: https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json
           datasource: Prometheus

diff --git a/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml b/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml
@@ -44,7 +44,7 @@ spec:
             securityContext:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
+              capabilities: {drop: ["ALL"]}
             resources:
               limits: &resources
                 memory: 64Mi

diff --git a/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml b/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml
@@ -28,42 +28,42 @@ metrics:
     title: CPU
     suffix: "%"
     colors:
-      - { color: "green", min: 0, max: 35 }
-      - { color: "orange", min: 36, max: 75 }
-      - { color: "red", min: 76, max: 9999 }
+      - {color: "green", min: 0, max: 35}
+      - {color: "orange", min: 36, max: 75}
+      - {color: "red", min: 76, max: 9999}
 
   - name: cluster_memory_usage
     query: round(sum(node_memory_MemTotal_bytes{kubernetes_node=~"k8s-[0-9]+"} - node_memory_MemAvailable_bytes{kubernetes_node=~"k8s-[0-9]+"}) / sum(node_memory_MemTotal_bytes{kubernetes_node=~"k8s-[0-9]+"}) * 100, 0.1)
     title: Memory
     suffix: "%"
     colors:
-      - { color: green, min: 0, max: 35 }
-      - { color: orange, min: 36, max: 75 }
-      - { color: red, min: 76, max: 9999 }
+      - {color: green, min: 0, max: 35}
+      - {color: orange, min: 36, max: 75}
+      - {color: red, min: 76, max: 9999}
 
   - name: cluster_power_usage
     query: round(unpoller_device_outlet_ac_power_consumption, 0.1)
     title: Power
     suffix: "w"
     colors:
-      - { color: "green", min: 0, max: 400 }
-      - { color: "orange", min: 401, max: 750 }
-      - { color: "red", min: 751, max: 9999 }
+      - {color: "green", min: 0, max: 400}
+      - {color: "orange", min: 401, max: 750}
+      - {color: "red", min: 751, max: 9999}
 
   - name: cluster_age_days
     query: round((time() - min(kube_node_created{node=~"k8s-[0-9]+"}) ) / 86400)
     title: Age
     suffix: "d"
     colors:
-      - { color: "green", min: 0, max: 180 }
-      - { color: "orange", min: 181, max: 360 }
-      - { color: "red", min: 361, max: 9999 }
+      - {color: "green", min: 0, max: 180}
+      - {color: "orange", min: 181, max: 360}
+      - {color: "red", min: 361, max: 9999}
 
   - name: cluster_uptime_days
     query: round(avg(node_time_seconds{kubernetes_node=~"k8s-[0-9]+"} - node_boot_time_seconds{kubernetes_node=~"k8s-[0-9]+"}) / 86400)
     title: Uptime
     suffix: "d"
     colors:
-      - { color: "green", min: 0, max: 180 }
-      - { color: "orange", min: 181, max: 360 }
-      - { color: "red", min: 361, max: 9999 }
+      - {color: "green", min: 0, max: 180}
+      - {color: "orange", min: 181, max: 360}
+      - {color: "red", min: 361, max: 9999}
diff --git a/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml b/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml
@@ -13,9 +13,16 @@ spec:
     repeatInterval: 5m
     routes:
       - receiver: "null"
-        matchers: [{ name: alertname, value: InfoInhibitor|Watchdog|CPUThrottlingHigh, matchType: =~ }]
+        matchers:
+          [
+            {
+              name: alertname,
+              value: InfoInhibitor|Watchdog|CPUThrottlingHigh,
+              matchType: =~
+            }
+          ]
       - receiver: discord
-        matchers: [{ name: severity, value: critical|warning, matchType: =~ }]
+        matchers: [{name: severity, value: critical|warning, matchType: =~}]
         continue: true
   receivers:
     - name: "null"
@@ -60,13 +67,13 @@ spec:
               {{- end }}
             {{- end }}
   inhibitRules:
-    - sourceMatch: [{ name: severity, value: critical, matchType: = }]
-      targetMatch: [{ name: severity, value: warning|info, matchType: =~ }]
+    - sourceMatch: [{name: severity, value: critical, matchType: =}]
+      targetMatch: [{name: severity, value: warning|info, matchType: =~}]
       equal: ["namespace", "alertname"]
-    - sourceMatch: [{ name: severity, value: warning, matchType: = }]
-      targetMatch: [{ name: severity, value: info, matchType: = }]
+    - sourceMatch: [{name: severity, value: warning, matchType: =}]
+      targetMatch: [{name: severity, value: info, matchType: =}]
       equal: ["namespace", "alertname"]
-    - sourceMatch: [{ name: alertname, value: InfoInhibitor, matchType: = }]
-      targetMatch: [{ name: severity, value: info, matchType: = }]
+    - sourceMatch: [{name: alertname, value: InfoInhibitor, matchType: =}]
+      targetMatch: [{name: severity, value: info, matchType: =}]
       equal: ["namespace"]
-    - targetMatch: [{ name: alertname, value: InfoInhibitor, matchType: = }]
+    - targetMatch: [{name: alertname, value: InfoInhibitor, matchType: =}]
diff --git a/kubernetes/main/apps/observability/loki/app/service-monitor.yaml b/kubernetes/main/apps/observability/loki/app/service-monitor.yaml
@@ -14,10 +14,10 @@ spec:
       - observability
   selector:
     matchExpressions:
-      - { key: app.kubernetes.io/component, operator: In, values: [read] }
-      - { key: app.kubernetes.io/instance, operator: In, values: [*app] }
-      - { key: app.kubernetes.io/name, operator: In, values: [*app] }
-      - { key: prometheus.io/service-monitor, operator: NotIn, values: ["false"] }
+      - {key: app.kubernetes.io/component, operator: In, values: [read]}
+      - {key: app.kubernetes.io/instance, operator: In, values: [*app]}
+      - {key: app.kubernetes.io/name, operator: In, values: [*app]}
+      - {key: prometheus.io/service-monitor, operator: NotIn, values: ["false"]}
 
     matchLabels:
       <<: *labels