installer: env and app manager
diff --git a/core/installer/values-tmpl/certificate-issuer.yaml b/core/installer/values-tmpl/certificate-issuer.yaml
index 46a5345..7cabe94 100644
--- a/core/installer/values-tmpl/certificate-issuer.yaml
+++ b/core/installer/values-tmpl/certificate-issuer.yaml
@@ -22,14 +22,15 @@
gandiWebhookSecretReader: {{ .Values.PCloudEnvName }}-cert-manager-webhook-gandi
public:
name: {{ .Values.Id }}-public
- server: https://acme-v02.api.letsencrypt.org/directory
+ # server: https://acme-v02.api.letsencrypt.org/directory
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
domain: {{ .Values.Domain }}
- stagingServer: https://acme-staging-v02.api.letsencrypt.org/directory
contactEmail: {{ .Values.ContactEmail }}
ingressClass: {{ .Values.PCloudEnvName }}-ingress-public
private:
name: {{ .Values.Id }}-private
- server: https://acme-v02.api.letsencrypt.org/directory
+ # server: https://acme-v02.api.letsencrypt.org/directory
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
domain: p.{{ .Values.Domain }}
contactEmail: {{ .Values.ContactEmail }}
ingressClassName: {{ .Values.Id }}-ingress-private
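Review bot: Both the `public` and `private` issuers now hard-code the Let's Encrypt staging directory as `server:`, with the production URL kept only as a comment, so every environment rendered from this template gets certificates that do not chain to a publicly trusted root. Clients will either show trust errors or be configured to skip verification, which weakens TLS for everything behind these issuers. If this is a temporary workaround (for example for rate limits), drive it from a template value such as `server: {{ .Values.ACMEServer }}` (the value name is a suggestion, not an existing field), default it to production, and drop the commented line. Whether the chart still reads the removed `stagingServer` key is not visible from this hunk.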
diff --git a/core/installer/values-tmpl/headscale.yaml b/core/installer/values-tmpl/headscale.yaml
new file mode 100644
index 0000000..82e8712
--- /dev/null
+++ b/core/installer/values-tmpl/headscale.yaml
@@ -0,0 +1,24 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: headscale
+ namespace: {{ .Values.NamespacePrefix }}app-headscale
+spec:
+ chart:
+ spec:
+ chart: charts/headscale
+ sourceRef:
+ kind: GitRepository
+ name: pcloud
+ namespace: {{ .Values.Id }}
+ interval: 1m0s
+ values:
+ image:
+ repository: headscale/headscale
+ tag: 0.22.3
+ pullPolicy: IfNotPresent
+ storage:
+ size: 5Gi
+ ingressClassName: pcloud-ingress-public
+ certificateIssuer: lekva-public
+ domain: {{ .Values.Domain }}
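Review bot: `ingressClassName: pcloud-ingress-public` and `certificateIssuer: lekva-public` are literal names, while the other templates derive them from `.Values.PCloudEnvName` and `.Values.Id`. An installation with a different environment name or Id would bind the VPN control server to an ingress class and issuer that are either missing or belong to a different installation. Template them the way certificate-issuer.yaml does, e.g. `ingressClassName: {{ .Values.PCloudEnvName }}-ingress-public` and `certificateIssuer: {{ .Values.Id }}-public`, assuming those are the intended targets. The same two literals appear in the rpuppy.yaml hunk. Quoting `tag: "0.22.3"` and the templated scalars would also guard against retyping and empty expansion.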
diff --git a/core/installer/values-tmpl/ingress-private.yaml b/core/installer/values-tmpl/ingress-private.yaml
index 29f0d98..760ff96 100644
--- a/core/installer/values-tmpl/ingress-private.yaml
+++ b/core/installer/values-tmpl/ingress-private.yaml
@@ -6,15 +6,11 @@
spec:
chart:
spec:
- chart: ingress-nginx
- version: 4.0.3
+ chart: charts/ingress-nginx
sourceRef:
- kind: HelmRepository
- name: ingress-nginx
+ kind: GitRepository
+ name: pcloud
namespace: {{ .Values.Id }}
- dependsOn:
- - name: vpn-mesh-config
- namespace: {{ .Values.NamespacePrefix }}ingress-private
interval: 1m0s
values:
fullnameOverride: {{ .Values.Id }}-nginx-private
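Review bot: Dropping `version: 4.0.3` and pointing `sourceRef` at the `pcloud` GitRepository means the ingress-nginx chart is no longer pinned in this file; whatever `charts/ingress-nginx` contains at the GitRepository's current ref is reconciled every `1m0s`. The GitRepository definition is not in this diff, so it may already be pinned. If it tracks a branch, consider pinning it to a tag or commit and enabling commit verification, so that a push to the repo cannot silently change the ingress controller. A short comment next to `chart:`, such as `# chart vendored in-repo; version is fixed by the GitRepository ref`, would record where the version now lives. The `spec` mapping starts above this hunk.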
@@ -30,42 +26,42 @@
controllerValue: k8s.io/{{ .Values.Id }}-ingress-private
extraArgs:
default-ssl-certificate: "{{ .Values.Id }}-ingress-private/cert-wildcard.p.{{ .Values.Domain }}"
- extraVolumes:
- - name: lighthouse-cert
- secret:
- secretName: node-lighthouse-cert
- - name: config
- configMap:
- name: lighthouse-config
- extraContainers:
- - name: lighthouse
- image: giolekva/nebula:latest
- imagePullPolicy: IfNotPresent
- securityContext:
- privileged: true
- capabilities:
- add:
- - NET_ADMIN
- ports:
- - name: nebula
- containerPort: {{ .Values.LighthouseMainPort }}
- protocol: UDP
- command:
- - nebula
- - --config=/etc/nebula/config/lighthouse.yaml
- volumeMounts:
- - name: lighthouse-cert
- mountPath: /etc/nebula/lighthouse
- - name: config
- mountPath: /etc/nebula/config
- config:
- bind-address: {{ .Values.LighthouseMainIP }}
- proxy-body-size: 0
- udp:
- "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-udp:53"
- tcp:
- "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-tcp:53"
- "143": "{{ .Values.NamespacePrefix }}app-maddy/maddy:143"
- "465": "{{ .Values.NamespacePrefix }}app-maddy/maddy:465"
- "587": "{{ .Values.NamespacePrefix }}app-maddy/maddy:587"
- "993": "{{ .Values.NamespacePrefix }}app-maddy/maddy:993"
+ # extraVolumes:
+ # - name: lighthouse-cert
+ # secret:
+ # secretName: node-lighthouse-cert
+ # - name: config
+ # configMap:
+ # name: lighthouse-config
+ # extraContainers:
+ # - name: lighthouse
+ # image: giolekva/nebula:latest
+ # imagePullPolicy: IfNotPresent
+ # securityContext:
+ # privileged: true
+ # capabilities:
+ # add:
+ # - NET_ADMIN
+ # ports:
+ # - name: nebula
+ # containerPort: {{ .Values.LighthouseMainPort }}
+ # protocol: UDP
+ # command:
+ # - nebula
+ # - --config=/etc/nebula/config/lighthouse.yaml
+ # volumeMounts:
+ # - name: lighthouse-cert
+ # mountPath: /etc/nebula/lighthouse
+ # - name: config
+ # mountPath: /etc/nebula/config
+ # config:
+ # bind-address: {{ .Values.LighthouseMainIP }}
+ # proxy-body-size: 0
+ # udp:
+ # "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-udp:53"
+ # tcp:
+ # "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-tcp:53"
+ # "143": "{{ .Values.NamespacePrefix }}app-maddy/maddy:143"
+ # "465": "{{ .Values.NamespacePrefix }}app-maddy/maddy:465"
+ # "587": "{{ .Values.NamespacePrefix }}app-maddy/maddy:587"
+ # "993": "{{ .Values.NamespacePrefix }}app-maddy/maddy:993"
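Review bot: Commenting out the `config:` block removes `bind-address: {{ .Values.LighthouseMainIP }}` along with the lighthouse sidecar, so the private controller presumably falls back to listening on all pod addresses rather than only the mesh IP. Indentation is lost in this view, so the exact nesting is inferred. If that bind address was what limited reachability of the private ingress, it needs a replacement such as the Service type or a NetworkPolicy, and the TCP/UDP mappings for pihole and maddy disappear as well. Prefer deleting the 39 lines over commenting them out: the dead block keeps `privileged: true` and `giolekva/nebula:latest` in the template, where a later uncomment would restore them without review.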
diff --git a/core/installer/values-tmpl/ingress-public.yaml b/core/installer/values-tmpl/ingress-public.yaml
new file mode 100644
index 0000000..f3c4748
--- /dev/null
+++ b/core/installer/values-tmpl/ingress-public.yaml
@@ -0,0 +1,28 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: ingress-public
+ namespace: {{ .Values.NamespacePrefix }}ingress-public
+spec:
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: 4.0.3
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ namespace: {{ .Values.Id }}
+ interval: 1m0s
+ values:
+ fullnameOverride: {{ .Values.Id }}-ingress-public
+ controller:
+ service:
+ type: LoadBalancer
+ ingressClassByName: true
+ ingressClassResource:
+ name: {{ .Values.Id }}-ingress-public
+ enabled: true
+ default: false
+ controllerValue: k8s.io/{{ .Values.Id }}-ingress-public
+ config:
+ proxy-body-size: 100M
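Review bot: The new Internet-facing controller (`type: LoadBalancer`) is pinned to `ingress-nginx` chart `version: 4.0.3` from the HelmRepository, while this same commit moves ingress-private to the in-repo `charts/ingress-nginx`, so the two controllers can end up on different releases. Confirm that 4.0.3 is still a supported release for an exposed edge, or source both controllers from the same chart. `proxy-body-size: 100M` applies to every host on this class; a comment naming the consumer, e.g. `# large uploads for <app>; tighten per-Ingress where possible`, would help later reviewers. Quote the templated scalars (`fullnameOverride: "{{ .Values.Id }}-ingress-public"`) to guard against empty expansion.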
diff --git a/core/installer/values-tmpl/rpuppy.yaml b/core/installer/values-tmpl/rpuppy.yaml
new file mode 100644
index 0000000..05298b8
--- /dev/null
+++ b/core/installer/values-tmpl/rpuppy.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: rpuppy
+ namespace: {{ .Values.NamespacePrefix }}app-rpuppy
+spec:
+ chart:
+ spec:
+ chart: charts/rpuppy
+ sourceRef:
+ kind: GitRepository
+ name: pcloud
+ namespace: {{ .Values.Id }}
+ interval: 1m0s
+ values:
+ ingressClassName: pcloud-ingress-public
+ certificateIssuer: lekva-public
+ domain: woof.{{ .Values.Domain }}