Minio hell

szinn · May 4, 2024 · cac030b · cac030b
1 parent 006963c
commit cac030b
Show file tree

Hide file tree

Showing 25 changed files with 64 additions and 295 deletions.
diff --git a/config.sops.env b/config.sops.env
@@ -19,7 +19,6 @@ export SECRET_GRAFANA_OAUTH_CLIENT_SECRET=ENC[AES256_GCM,data:evUN5S6fG347DAbF+Q
 #ENC[AES256_GCM,data:xlM+r3DljXjSOorR2RHyQUPYpEmxJRxOW85tOL4=,iv:KZbXK3DydPu0mpNxIIj0VOrD+/WsZRuANqTwN0CLDKQ=,tag:Zwu/qBxdWt1mH426mzqmew==,type:comment]
 export SECRET_ELASTICSEARCH_PASSWORD=ENC[AES256_GCM,data:dXg4wbiIBi7WCKTTfSOlaLdVWWM8tg==,iv:buH0E35RzjyZYdQHk1uFRXphsT0xm3DXUSu9dJR+kkM=,tag:cgV3Vr1KlBs9xCb+EXyPlQ==,type:str]
 #ENC[AES256_GCM,data:w4FOMbNkisQo6tcXOy64IMx1busb7seFOVIJ,iv:Dov5/BLP/Cm0VQ/oo7eYAMxi+Ud2qZfDV0Az7c+HuSA=,tag:Nrw7PCGYPDNd6XruO/hSmQ==,type:comment]
-export CONFIG_MAIN_CLUSTER_ENDPOINT_IP=ENC[AES256_GCM,data:r/oOov4BtFbq1eg=,iv:BcZgVYow+KhGU2RRTTh2zDAzDBIFdcJkhzHpMPIzQi4=,tag:IKf56lJULlwSC2AcmBYJcg==,type:str]
 export CONFIG_MAIN_SERVICE_CIDR=ENC[AES256_GCM,data:xLTzlTkVFPKTf54MAGpJ,iv:44pHPktV62GnfKtjOzxmK1U7IcbyVG1vzRf92gYnnoQ=,tag:dLPYnntPPZD7eJJjao8twA==,type:str]
 export CONFIG_MAIN_POD_CIDR=ENC[AES256_GCM,data:/uGkEwGb/TDuW49pFj23,iv:heRQ5Kto0G6Zt6985+1HQ+MUAUX9jO3fSi7p2ZrXje0=,tag:CGuKDJinaQssxIuhAhfCwQ==,type:str]
 export CONFIG_MAIN_L2_POOL_CIDR=ENC[AES256_GCM,data:CRKsacfoD7TWsyzPrBQ=,iv:WZRkaJK9rvBxGI3p733x82UsGvmB8P1FtBO2ekLwkVg=,tag:W/Ac7Vh+yTduhg03S6dz7w==,type:str]
@@ -39,7 +38,6 @@ export CONFIG_MAIN_SVC_REDIS_SECONDARY_ADDR=ENC[AES256_GCM,data:87qAMD/2xvEr1pIj
 export CONFIG_MAIN_SVC_INGRESS_INTERNAL_ADDR=ENC[AES256_GCM,data:RQp8mxdD4nL/Dl69,iv:6O8cqj0Dezg/q+F9u28J5UYFBROmbN68dzad2YAfmAY=,tag:o+1ujrxgjZdRb09F7zO5LQ==,type:str]
 export CONFIG_MAIN_SVC_INGRESS_EXTERNAL_ADDR=ENC[AES256_GCM,data:0rBiBfunEN4nvzuD,iv:y0PRXFoENuWozRaQwg+YKt6rqerHaIZ5Vzrq1zf6f3g=,tag:9HL6BOM48sCnHysWsPiPSQ==,type:str]
 #ENC[AES256_GCM,data:lawg98jwkg2EHBJcHzJ2WHoLO+FsLoQGVp03v0nd,iv:VZUw/tq2h0AqN/amXgnVlzkgPzy1iYe9NTLadEXSrhs=,tag:iicJzjLIAZx5QKjF4QCsnQ==,type:comment]
-export CONFIG_STAGING_CLUSTER_ENDPOINT_IP=ENC[AES256_GCM,data:FZDF9dpPpH8c/Wc=,iv:peyh1UxsFeRE41x/6IHzdJ9jesSfT98HrO41IpZs76M=,tag:YOE+CuNqFrynnMT6g/RDFg==,type:str]
 export CONFIG_STAGING_SERVICE_CIDR=ENC[AES256_GCM,data:ZtNJAIAUmUJi9wyDxvV4,iv:/+IniqY/t4ryVgGzo0tM2/YYT/nb70GlpfzX48D50HY=,tag:lPCyv21FsVs8oYzt/VMkxQ==,type:str]
 export CONFIG_STAGING_POD_CIDR=ENC[AES256_GCM,data:IkCZJ7QVuIzJsNR5a8rA,iv:KOjv21c3RlS9h8H51sug5FrUPbtTp+WCOdfrVZDFEG0=,tag:/dr+UcsD/py3LE1PKuFmpw==,type:str]
 export CONFIG_STAGING_L2_POOL_CIDR=ENC[AES256_GCM,data:z4/VpVXl1WdfhGp7XDk=,iv:GtiZFkeXabi1t3kRUBgJrfHs6tNHc/+6unldPUiI708=,tag:ZUZXAemjSTUxHjtDQne8Dg==,type:str]
@@ -48,7 +46,7 @@ export CONFIG_STAGING_SVC_VECTOR_AGGREGATOR_ADDR=ENC[AES256_GCM,data:RYZJHAQYZSZ
 export CONFIG_STAGING_SVC_POSTGRES_ADDR=ENC[AES256_GCM,data:qPOBLkfGZc6LZTgb,iv:04SA834pehqUCFKClrACZ5xQ5tz0FJzOlTw0WP5PedA=,tag:ki82qIvucrqhtee45m4KOg==,type:str]
 sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU2FCRytsQlRHS2xyM3h6\nMFR3Tm5HR0dXcE8xdVRrZithMURBZE05R1FJCnduQ1BBaUx3MDZRcCtFVVhXc2xO\ndnd3Umc5ZTBwSEp0a0RiTHNHUlhjZkEKLS0tIFdtMXNxOGYrbGxpcmFsd3labGZE\nSnNKSFVNbmlLcVllamZqbHJucnVVSFkK+pkFSEBxqmdWPlb7BI4wcxHxpVBvMMrb\nLq1LNS5NjTgWTVyQG+qFhBDQqozn7FI8iUSCIBRLLCeJHjSs753Wiw==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_0__map_recipient=age1p28u8xjm5sf7jdavc8xsqtw7lxgscefxs7a5dtqszr2885xeputsh9y64y
-sops_lastmodified=2024-04-26T14:59:35Z
-sops_mac=ENC[AES256_GCM,data:MSiVDD3Pj7IuRgfG4Q0hs5KjQ660Uv0yrAZaA51TnnctUIlfnKpvClpORHlfblz6b5DIotVkhGeVPl/YRSMIMARhnn/saAHcYB6s9X+fIsf+AxIsa4QCQM1AO7GwJWl0CAYjjlhRqcrO89OqfxH7MkK1NBcZ9z1LCPKveyp0N+4=,iv:PwBfQJC4is1L0GJ0q5hjLZfeuLlxNR2TLXPNilprHd4=,tag:AdRz/HZjcUwEh28DdZ/W8w==,type:str]
+sops_lastmodified=2024-05-04T18:32:30Z
+sops_mac=ENC[AES256_GCM,data:STCcjzLjTHsKl5zs5zkUQAR1qzPMFDfQaxDj0idw0wohIz+aVn/9gf6Cn4V4CjdiVCKjAVaLHkdxF0+iVz9AS4oSMgzxOrl92jgSTR8sELxHtSY/XNeALA8RGeGODf1IAg1tKm6DoF6HtUT9P+y8B0rTw2M4LehSv6i77i8+v/k=,iv:AMrQ+l+a/Kq8YoYammIYu+KLDR8djzKPJxIDNbNL7Bw=,tag:KC/JH5t8h6czWHosG4NFvg==,type:str]
 sops_unencrypted_suffix=_unencrypted
 sops_version=3.8.1
diff --git a/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml b/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml
@@ -21,8 +21,6 @@ cluster:
 containerRuntime:
   integration: containerd
 
-devices: enp+
-
 enableRuntimeDeviceDetection: true
 
 endpointRoutes:

diff --git a/kubernetes/main/apps/media/openbooks/install.yaml b/kubernetes/main/apps/media/openbooks/install.yaml
@@ -23,7 +23,7 @@ spec:
       APP_GID: "2000"
       VOLSYNC_CLAIM: openbooks-config
       VOLSYNC_CAPACITY: 2Gi
-      VOLSYNC_CACHE_SNAPSHOTCLASS: ceph-block
+      VOLSYNC_CACHE_STORAGECLASS: ceph-block
   prune: true
   wait: false
   interval: 30m

diff --git a/kubernetes/main/apps/media/radarr/install.yaml b/kubernetes/main/apps/media/radarr/install.yaml
@@ -10,7 +10,7 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: &app radarr
-  path: ./kubernetes/main/apps/media/radarr
+  path: ./kubernetes/main/apps/media/radarr/app
   sourceRef:
     kind: GitRepository
     name: homelab-kubernetes

diff --git a/kubernetes/main/apps/media/radarr/kustomization.yaml b/kubernetes/main/apps/media/radarr/kustomization.yaml
diff --git a/kubernetes/main/apps/media/radarr/observability/helm-release.yaml b/kubernetes/main/apps/media/radarr/observability/helm-release.yaml
diff --git a/kubernetes/main/apps/media/radarr/observability/kustomization.yaml b/kubernetes/main/apps/media/radarr/observability/kustomization.yaml
diff --git a/kubernetes/main/apps/media/radarr/observability/prometheus-rules.yaml b/kubernetes/main/apps/media/radarr/observability/prometheus-rules.yaml
diff --git a/kubernetes/main/apps/media/sonarr/install.yaml b/kubernetes/main/apps/media/sonarr/install.yaml
@@ -10,7 +10,7 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: &app sonarr
-  path: ./kubernetes/main/apps/media/sonarr
+  path: ./kubernetes/main/apps/media/sonarr/app
   sourceRef:
     kind: GitRepository
     name: homelab-kubernetes
@@ -24,6 +24,7 @@ spec:
       APP_GID: "2000"
       VOLSYNC_CLAIM: sonarr-config
       VOLSYNC_CAPACITY: 2Gi
+      VOLSYNC_CACHE_STORAGECLASS: ceph-block
       GATUS_APP: sonarr
       GATUS_SUBDOMAIN: sonarr
   prune: true

diff --git a/kubernetes/main/apps/media/sonarr/kustomization.yaml b/kubernetes/main/apps/media/sonarr/kustomization.yaml
diff --git a/kubernetes/main/apps/media/sonarr/observability/helm-release.yaml b/kubernetes/main/apps/media/sonarr/observability/helm-release.yaml
diff --git a/kubernetes/main/apps/media/sonarr/observability/kustomization.yaml b/kubernetes/main/apps/media/sonarr/observability/kustomization.yaml
diff --git a/kubernetes/main/apps/media/sonarr/observability/prometheus-rules.yaml b/kubernetes/main/apps/media/sonarr/observability/prometheus-rules.yaml
diff --git a/kubernetes/main/apps/networking/nginx/internal/helm-release.yaml b/kubernetes/main/apps/networking/nginx/internal/helm-release.yaml
@@ -50,7 +50,7 @@ spec:
               operator: In
               values: ["internal"]
       config:
-        block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
+        # block-user-agents: "GPTBot,~*GPTBot*,ChatGPT-User,~*ChatGPT-User*,Google-Extended,~*Google-Extended*,CCBot,~*CCBot*,Omgilibot,~*Omgilibot*,FacebookBot,~*FacebookBot*" # taken from https://github.com/superseriousbusiness/gotosocial/blob/main/internal/web/robots.go
         client-body-buffer-size: 100M
         client-body-timeout: 120
         client-header-timeout: 120

diff --git a/kubernetes/main/bootstrap/talos/talconfig.yaml b/kubernetes/main/bootstrap/talos/talconfig.yaml
@@ -214,6 +214,18 @@ controlPlane:
                 discard_unpacked_layers = false
               [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                 discard_unpacked_layers = false
+          - op: overwrite
+            path: /etc/nfsmount.conf
+            permissions: 420
+            content: |-
+              [ NFSMount_Global_Options ]
+              nfsvers=4.2
+              hard=True
+              noatime=True
+              nodiratime=True
+              rsize=131072
+              wsize=131072
+              nconnect=8
 
     # Custom sysctl settings
     - &sysctlPatch |-

diff --git a/kubernetes/main/cluster/vars/cluster-secrets.sops.cfg b/kubernetes/main/cluster/vars/cluster-secrets.sops.cfg
@@ -10,5 +10,5 @@ stringData:
   SECRET_MAIN_DOMAIN_NAME: $MAIN_DOMAIN_NAME
   SECRET_TECH_DOMAIN_NAME: $SECRET_TECH_DOMAIN_NAME
   SECRET_CLOUDFLARED_TUNNEL_ID: $SECRET_CLOUDFLARED_TUNNEL_ID
-  SECRET_ATLAS_NFS_SERVER: atlas.$SECRET_TECH_DOMAIN_NAME
+  SECRET_ATLAS_NFS_SERVER: ragnar.$SECRET_TECH_DOMAIN_NAME
   SECRET_ATLAS_NFS_ROOTDIR: /mnt/atlas/k8s/main
diff --git a/kubernetes/main/cluster/vars/cluster-secrets.sops.cfg.sha256 b/kubernetes/main/cluster/vars/cluster-secrets.sops.cfg.sha256
@@ -1 +1 @@
-6eac1fa04f257b6fb44b71a6c6a9fb064fccf5addd6eccb318c8f51d1804a109
+ca6fcc728b8d4b010d61ac29d13b226572fb32347e75fec2bd811611f0206ac9
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		6eac1fa04f257b6fb44b71a6c6a9fb064fccf5addd6eccb318c8f51d1804a109
		ca6fcc728b8d4b010d61ac29d13b226572fb32347e75fec2bd811611f0206ac9