add short names

add publish conditions for services

use official gitea helm chart
This commit is contained in:
ace 2021-01-25 21:04:57 +03:00
parent f1694a4e81
commit 82c5f35eda
No known key found for this signature in database
GPG Key ID: 2E47CC17BA7F8CF0
26 changed files with 182 additions and 156 deletions


@ -85,9 +85,6 @@ bitwarden_publish: false
gitea_enabled: true
#gitea_size: "20Gi"
#gitea_storage: "nfs-ssd"
#gitea_lfs: true
#gitea_lfs_size: "50Gi"
#gitea_lfs_storage: "nfs-hdd"
gitea_publish_web: false
gitea_publish_ssh: false
gitea_loadbalancer_ip: "192.168.250.5"


@ -23,15 +23,17 @@ ddclient_conf: |
{% endfor %}
ddclient_hosts:
- "{% if nextcloud_publish | default(false) %}nextcloud.{{ domain }}{% else %}omitme{% endif %}"
- "{% if drone_publish | default(false) %}drone.{{ domain }}{% else %}omitme{% endif %}"
- "{% if gitea_publish | default(false) %}gitea.{{ domain }}{% else %}omitme{% endif %}"
- "{% if bitwarden_publish | default(false) %}bitwarden.{{ domain }}{% else %}omitme{% endif %}"
- "{% if wikijs_publish | default(false) %}wikijs.{{ domain }}{% else %}omitme{% endif %}"
- "{% if chartmuseum_publish | default(false) %}charts.{{ domain }}{% else %}omitme{% endif %}"
- "{% if registry_publish | default(false) %}registry.{{ domain }}{% else %}omitme{% endif %}"
- "{% if peertube_publish | default(false) %}peertube.{{ domain }}{% else %}omitme{% endif %}"
- "{% if roundcube_publish | default(false) %}webmail.{{ domain }}{% else %}omitme{% endif %}"
- "{% if nextcloud_publish | default(false) %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if drone_publish | default(false) %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if gitea_publish_web | default(false) %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if bitwarden_publish | default(false) %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if playmaker_publish | default(false) %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if pipyserver_publish | default(false) %}{{ pipyserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if wikijs_publish | default(false) %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if chartmuseum_publish | default(false) %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if registry_publish | default(false) %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if peertube_publish | default(false) %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if roundcube_publish | default(false) %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{{ registry_readonly_ingress | default('omitme') }}"
- "{{ chartmuseum_readonly_ingress | default('omitme') }}"
- "{{ wikijs_readonly_ingress | default('omitme') }}"
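Review bot: Two variable names in this list do not match the defaults declared elsewhere in the commit: the pip entry reads `pipyserver_publish` / `pipyserver_short_name` (the pypiserver defaults declare `pypiserver_publish` and `pypiserver_short_name`), and the charts entry reads `chartsmuseum_short_name` (declared as `chartmuseum_short_name`). Because every reference carries a `| default(...)`, the typos fail silently: the pip host is never registered in DNS even when `pypiserver_publish` is true, and a customised chartmuseum short name is honoured by the chartmuseum ingress but ignored here, so the published hostname and its DNS record drift apart. Suggested lines: `- "{% if pypiserver_publish | default(false) %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"` and `- "{% if chartmuseum_publish | default(false) %}{{ chartmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"`.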


@ -45,28 +45,34 @@ nginx:
default gitea_ssh_{{ namespace }};
{% endif %}
{% if gitea_publish_web %}
gitea.{{ domain }} gitea_web_{{ namespace }};
{{ gitea_short_name | default('gitea') }}.{{ domain }} gitea_web_{{ namespace }};
{% endif %}
{% if playmaker_publish %}
{{ playmaker_short_name | default('playmaker') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if pipyserver_publish %}
{{ pipyserver_short_name | default('pip') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if bitwarden_publish %}
bitwarden.{{ domain }} https_{{ namespace }};
{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if wikijs_publish %}
wikijs.{{ domain }} https_{{ namespace }};
{{ wikijs_short_name | default('wikijs') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if drone_publish %}
drone.{{ domain }} https_{{ namespace }};
{{ drone_short_name | default('drone') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if nextcloud_publish %}
nextcloud.{{ domain }} https_{{ namespace }};
{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if registry_publish %}
registry.{{ domain }} https_{{ namespace }};
{{ registry_short_name | default('registry') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if registry_readonly_ingress %}
{{ registry_readonly_ingress }} https_{{ namespace }};
{% endif %}
{% if chartmuseum_publish %}
charts.{{ domain }} https_{{ namespace }};
{{ chartsmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if chartmuseum_readonly_ingress %}
{{ chartmuseum_readonly_ingress }} https_{{ namespace }};
@ -75,10 +81,10 @@ nginx:
{{ wikijs_readonly_ingress }} https_{{ namespace }};
{% endif %}
{% if peertube_publish %}
peertube.{{ domain }} https_{{ namespace }};
{{ peertube_short_name | default('peertube') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if roundcube_publish %}
webmail.{{ domain }} https_{{ namespace }};
{{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }};
{% endif %}
- name: "k8s-ghp-{{ namespace }}.conf"
data: |-
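Review bot: `{% if pipyserver_publish %}` in the new stream-map entry references a variable this commit never defines (the pypiserver defaults declare `pypiserver_publish`), and unlike the ddclient list it carries no `| default(false)`, so under Ansible's strict undefined handling this template is likely to fail to render rather than merely skip the block. The same map uses `chartsmuseum_short_name` where the declared variable is `chartmuseum_short_name`; that one falls back to `'charts'` silently, so a custom short name would be served by the chartmuseum ingress but not proxied here. Suggested lines: `{% if pypiserver_publish | default(false) %}` followed by `{{ pypiserver_short_name | default('pip') }}.{{ domain }} https_{{ namespace }};`, and `{{ chartmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }};`. The enclosing `nginx:` block starts before this section.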


@ -1,5 +1,6 @@
adguard_enabled: false
adguard_publish: false
adguard_short_name: "adguard"
adguard_default_values:
# upgrade strategy type (e.g. Recreate or RollingUpdate)
strategyType: RollingUpdate
@ -179,11 +180,11 @@ adguard_default_values:
kubernetes.io/tls-acme: "true"
path: /
hosts:
- adguard.{{ domain }}
- "{{ adguard_short_name }}.{{ domain }}"
tls:
- secretName: adguard.{{ domain }}-tls
- secretName: "{{ adguard_short_name }}.{{ domain }}-tls"
hosts:
- adguard.{{ domain }}
- "{{ adguard_short_name }}adguard.{{ domain }}"
service:
type: ClusterIP
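Review bot: The new TLS hosts entry renders as `adguardadguard.<domain>` because a literal `adguard` was left behind after the template variable, while the ingress host a few lines above renders as `adguard.<domain>`. cert-manager will then request a certificate for a name that is never served, and the actual ingress host has no matching certificate, so clients fall back to the ingress default certificate. The line should be `- "{{ adguard_short_name }}.{{ domain }}"`, matching the host entry and the secret name.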


@ -1,10 +1,11 @@
bitwarden_enabled: true
bitwarden_publish: false
bitwarden_use_external_db: true
bitwarden_short_name: "bitwarden"
bitwarden_default_values:
fullnameOverride: "bitwarden"
bitwarden:
domain: "https://bitwarden.{{ domain }}"
domain: "https://{{ bitwarden_short_name }}.{{ domain }}"
signupsAllowed: true
invitationsAllowed: true
gui:
@ -85,9 +86,9 @@ bitwarden_default_values:
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/tls-acme: "true"
hosts:
- host: "bitwarden.{{ domain }}"
- host: "{{ bitwarden_short_name }}.{{ domain }}"
paths: ["/"]
tls:
- secretName: "bitwarden.{{ domain }}-tls"
- secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls"
hosts:
- "bitwarden.{{ domain }}"
- "{{ bitwarden_short_name }}.{{ domain }}"
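Review bot: With `bitwarden_publish` now the switch that puts this service on the public ingress and in DNS, `signupsAllowed: true` (a context line here, not changed by the commit) means anyone who can reach the published hostname can register an account and create a vault on your instance. For a self-hosted vault the usual posture is `signupsAllowed: false` with `invitationsAllowed: true`, or at least tying the setting to the publish flag so signups stay open only on the internal ingress. If open signup is deliberate for the private deployment, a comment saying so next to the flag would help whoever later flips `bitwarden_publish`.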


@ -1,5 +1,6 @@
chartmuseum_enabled: true
chartmuseum_publish: false
chartmuseum_short_name: "charts"
chartmuseum_default_values:
env:
open:
@ -47,10 +48,10 @@ chartmuseum_default_values:
kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts:
- name: charts.{{ domain }}
- name: "{{ chartmuseum_short_name }}.{{ domain }}"
path: /
tls: true
tlsSecret: charts.{{ domain }}-tls
tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"
chartmuseum_readonly_ingress_definition: |
apiVersion: extensions/v1beta1


@ -1,3 +1,4 @@
dovecot_short_name: "dovecot"
dovecot_default_values:
replicaCount: 1
persistence:
@ -6,7 +7,7 @@ dovecot_default_values:
tls:
enabled: true
existingSecret: mail.{{ domain }}-secret
existingSecret: "{{ mail_short_name | default('mail') }}.{{ domain }}-secret"
dovecot:
image:
@ -36,7 +37,7 @@ dovecot_default_values:
# it's not found:
!include_try local.conf
ldap: |
uris = ldaps://openldap.{{ domain }}
uris = ldaps://{{ openldap_short_name | default('openldap') }}.{{ domain }}
dn = uid=ldapbind,ou=services,{{ openldap_domain }}
dnpass = {{ ldapbind_pass | default(ldapbind_password) }}
auth_bind = yes


@ -1,6 +1,7 @@
drone_enabled: true
drone_publish: false
drone_use_external_db: true
drone_short_name: "drone"
drone_default_values:
service:
type: ClusterIP
@ -13,13 +14,13 @@ drone_default_values:
cert-manager.io/acme-dns01-provider: "rfc2136"
cert-manager.io/acme-challenge-type: "dns01"
hosts:
- host: "drone.{{ domain }}"
- host: "{{ drone_short_name }}.{{ domain }}"
paths:
- "/"
tls:
- secretName: "drone.{{ domain }}-tls"
- secretName: "{{ drone_short_name }}.{{ domain }}-tls"
hosts:
- "drone.{{ domain }}"
- "{{ drone_short_name }}.{{ domain }}"
persistentVolume:
enabled: true
accessModes:
@ -28,7 +29,7 @@ drone_default_values:
size: "{{ drone_size | default('8Gi') }}"
storageClass: "{{ drone_storage | default('nfs-ssd') }}"
env:
DRONE_SERVER_HOST: "drone.{{ domain }}"
DRONE_SERVER_HOST: "{{ drone_short_name }}.{{ domain }}"
DRONE_SERVER_PROTO: https
DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}"
DRONE_DATABASE_DRIVER: "postgres"
@ -36,7 +37,7 @@ drone_default_values:
DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}"
DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}"
DRONE_GITEA_SERVER: "https://gitea.{{ domain }}"
DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}"
drone_runner_kube_default_values:
rbac:
@ -44,7 +45,7 @@ drone_runner_kube_default_values:
- "{{ drone_namespace | default(namespace) }}"
env:
DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
DRONE_RPC_HOST: "drone.{{ domain }}"
DRONE_RPC_HOST: "{{ drone_short_name }}.{{ domain }}"
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}"


@ -2,86 +2,85 @@ gitea_enabled: true
gitea_publish_web: false
gitea_publish_ssh: false
gitea_use_external_db: true
gitea_short_name: "gitea"
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
gitea_default_values:
config:
disableInstaller: true
admin_user: "{{ gitea_admin_user | default('gitea') }}"
admin_pass: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
mailer:
domain: "{{ mail_domain | default(domain) }}"
enabled: true
host: "mail.{{ mail_domain | default(domain) }}:465"
skip_verify: false
is_tls_enabled: true
from: "gitea@{{ mail_domain | default(domain) }}"
user: "{{ gitea_ldap_user | default('gitea') }}"
passwd: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
service:
http:
clusterIP:
ssh:
clusterIP:
ingress:
## Set to true to enable ingress record generation
enabled: true
## When the ingress is enabled, a host pointing to this will be created
hostname: "gitea.{{ domain }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
cert-manager.io/acme-dns01-provider: "rfc2136"
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
kubernetes.io/tls-acme: "true"
#
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
# hosts:
# - name: git.example.com
# path: /
tls:
- hosts:
- "gitea.{{ domain }}"
secretName: "gitea.{{ domain }}-tls"
service:
type: ClusterIP
## This can stay as ClusterIP as (by default) we use ingress
http:
port: 3000
## Make the external port available
# externalPort: 8082
# externalHost: gitea.local
## SSH is commonly on port 22
ssh:
port: 22
## If serving on a different external port used for determining the ssh url in the gui
# externalPort: 22
# externalHost: gitea.local
# externalIPs: []
hosts:
- "{{ gitea_short_name }}.{{ domain }}"
tls:
- secretName: "{{ gitea_short_name }}.{{ domain }}-tls"
hosts:
- "{{ gitea_short_name }}.{{ domain }}"
persistence:
enabled: true
# existingGiteaClaim: gitea-gitea
accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
accessModes:
- "{{ gitea_storage_mode | default('ReadWriteMany') }}"
size: "{{ gitea_size | default('20Gi') }}"
storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
annotations:
"helm.sh/resource-policy": keep
lfs:
enabled: "{{ gitea_lfs | default(true) }}"
accessMode: "{{ gitea_lfs_storage_mode | default('ReadWriteMany') }}"
size: "{{ gitea_lfs_size | default('50Gi') }}"
storageClass: "{{ gitea_lfs_storage | default('nfs-hdd') }}"
annotations:
"helm.sh/resource-policy": keep
mariadb:
enabled: false
externalDB:
enabled: true
dbType: "postgres"
dbHost: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
dbPort: "5432"
dbDatabase: "gitea"
dbUser: "{{ gitea_db_username | default(omit)}}"
dbPassword: "{{ gitea_db_password | default(omit) }}"
gitea:
admin:
username: "{{ gitea_admin_user | default('gitea') }}"
password: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
email: "gitea@{{ mail_domain | default(domain) }}"
ldap:
enabled: true
name: OpenLDAP
securityProtocol: ldaps
host: "{{ openldap_short_name | default('openldap')}}.{{ domain }}"
port: "636"
userSearchBase: "ou=users,{{ openldap_domain }}"
userFilter: "(&(objectClass=posixAccount)(uid=%s))"
emailAttribute: mail
bindDn: "uid=ldapbind,ou=services,{{ openldap_domain }}"
bindPassword: "{{ ldapbind_pass | default(ldapbind_password) }}"
config:
# APP_NAME: "Gitea: Git with a cup of tea"
RUN_MODE: prod
service:
DISABLE_REGISTRATION: true
mailer:
ENABLED: "true"
HOST: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}:465"
IS_TLS_ENABLED: "true"
FROM: "gitea@{{ mail_domain | default(domain) }}"
USER: "{{ gitea_ldap_user | default('gitea') }}"
PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
MAILER_TYPE: "smtp"
database:
DB_TYPE: postgres
HOST: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432"
NAME: gitea
USER: "{{ gitea_db_username | default(omit) }}"
PASSWD: "{{ gitea_db_password | default(omit) }}"
database:
builtIn:
postgresql:
enabled: false
gitea_publish_ingress_nginx_values:
controller:
@ -118,7 +117,7 @@ gitea_ingress_nginx_default_values:
https: https
ingressClass: "{{ gitea_ingress_class }}"
tcp:
22: "{{ gitea_namespace | default(namespace) }}/gitea-gitea-svc:22"
22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
gitea_dns_default_values:
fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
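Review bot: The TCP forwarding entry `22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"` hard-codes the SSH service name from `namespace`, while the release itself is installed as `gitea_release_name | default(namespace + '-gitea')` in the task file; anyone overriding `gitea_release_name` ends up with an ingress-nginx TCP proxy pointing at a service that does not exist, and published SSH silently stops working. The official chart appears to name the SSH service after the release fullname (confirm against the chart version you pin), so deriving it from the same expression keeps the two in sync: `22: "{{ gitea_namespace | default(namespace) }}/{{ gitea_release_name | default(namespace + '-gitea') }}-ssh:22"`. The `gitea_ingress_nginx_default_values:` mapping this entry belongs to starts before the last hunk.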


@ -21,7 +21,7 @@
community.kubernetes.helm:
create_namespace: true
release_namespace: "{{ gitea_ingress_nginx_namespace | default(namespace) }}"
release_name: "{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}"
release_name: "{{ gitea_ingress_nginx_release_name | default(namespace + '-gitea-ingress-nginx') }}"
chart_ref: "{{ gitea_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
chart_version: "{{ gitea_ingress_nginx_version | default(omit) }}"
release_values: "{{ gitea_ingress_nginx_combined_values | from_yaml }}"
@ -31,7 +31,7 @@
community.kubernetes.helm:
create_namespace: true
release_namespace: "{{ gitea_dns_namespace | default(namespace) }}"
release_name: "{{ gitea_dns_name | default('gitea-internal-dns') }}"
release_name: "{{ gitea_dns_relase_name | default(namespace + '-gitea-internal-dns') }}"
chart_ref: "{{ gitea_dns_chart | default('bitnami/external-dns') }}"
chart_version: "{{ gitea_dns_version | default(omit) }}"
release_values: "{{ gitea_dns_combined_values | from_yaml }}"
@ -42,9 +42,9 @@
community.kubernetes.helm:
create_namespace: true
release_namespace: "{{ gitea_namespace | default(namespace) }}"
release_name: "{{ gitea_name | default('gitea') }}"
chart_ref: "{{ gitea_chart | default('ghp/gitea') }}"
release_name: "{{ gitea_release_name | default(namespace + '-gitea') }}"
chart_ref: "{{ gitea_chart | default('gitea-charts/gitea') }}"
chart_version: "{{ gitea_version | default(omit) }}"
release_values: "{{ gitea_combined_values | from_yaml }}"
wait: true
#wait: true
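Review bot: `gitea_dns_relase_name` is misspelled, so an operator who sets `gitea_dns_release_name` in inventory (the spelling pattern the sibling tasks use for `gitea_ingress_nginx_release_name` and `gitea_release_name`) is silently ignored and the default applies; fix the key to `release_name: "{{ gitea_dns_release_name | default(namespace + '-gitea-internal-dns') }}"`. The switch to `gitea-charts/gitea` with `chart_version: "{{ gitea_version | default(omit) }}"` installs whatever is newest in the freshly added repo on every run; while changing chart and repo in one step, pinning `gitea_version` is the supply-chain control that makes the deployment reproducible and reviewable. Note also that the release name changes from `gitea` to `<namespace>-gitea`, so Helm treats this as a new install rather than an upgrade of the old release, and the commit shows no uninstall or data-migration step for the previous release and its kept PVCs; commenting out `wait: true` additionally lets later tasks run before the new release is ready.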


@ -7,3 +7,4 @@ helm_repos:
- { name: 'stable', url: 'https://charts.helm.sh/stable' }
- { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' }
- { name: 'k8s-at-home', url: 'https://k8s-at-home.com/charts' }
- { name: 'gitea-charts', url: 'https://dl.gitea.io/charts' }


@ -0,0 +1 @@
mail_short_name: "mail"


@ -6,12 +6,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "mail.{{ domain }}-crt"
name: "{{ mail_short_name }}.{{ domain }}-crt"
namespace: "{{ mail_namespace | default(namespace) }}"
spec:
secretName: "mail.{{ domain }}-secret"
secretName: "{{ mail_short_name }}.{{ domain }}-secret"
dnsNames:
- "mail.{{ domain }}"
- "{{ mail_short_name }}.{{ domain }}"
issuerRef:
name: letsencrypt-prod
# We can reference ClusterIssuers by changing the kind here.


@ -1,10 +1,11 @@
nextcloud_enabled: true
nextcloud_publish: false
nextcloud_use_external_db: true
nextcloud_short_name: "nextcloud"
nextcloud_default_values:
image:
repository: nextcloud
tag: 19.0-apache
tag: 20.0-apache
pullPolicy: Always
replicaCount: 1
ingress:
@ -43,11 +44,11 @@ nextcloud_default_values:
deny all;
}
tls:
- secretName: "nextcloud.{{ domain }}-tls"
- secretName: "{{ nextcloud_short_name }}.{{ domain }}-tls"
hosts:
- "nextcloud.{{ domain }}"
- "{{ nextcloud_short_name }}.{{ domain }}"
nextcloud:
host: "nextcloud.{{ domain }}"
host: "{{ nextcloud_short_name }}.{{ domain }}"
username: admin
password: "{{ nextcloud_pass | default(nextcloud_password) }}"
update: 0
@ -58,7 +59,7 @@ nextcloud_default_values:
fromAddress: nextcloud
domain: "{{ mail_domain | default(domain) }}"
smtp:
host: "mail.{{ mail_domain | default(domain) }}"
host: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}"
secure: ssl
port: 465
authtype: LOGIN
@ -98,7 +99,7 @@ nextcloud_default_values:
$CONFIG = array (
'trusted_proxies' => ['{{ web_proxy_internal_ip }}'],
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://nextcloud.{{ domain }}',
'overwrite.cli.url' => 'https://{{ nextcloud_short_name }}.{{ domain }}',
'mail_smtpstreamoptions' =>
array (
'ssl' =>
@ -143,7 +144,7 @@ nextcloud_default_values:
# Nexcloud image is used as default but only curl is needed
image:
repository: nextcloud
tag: 19.0-apache
tag: 20.0-apache
schedule: "*/5 * * * *"
annotations: {}
# Set curl's insecure option if you use e.g. self-signed certificates
@ -154,12 +155,14 @@ nextcloud_default_values:
type: ClusterIP
port: 8080
loadBalancerIP: nil
persistence:
# Nextcloud Data (/var/www/html)
enabled: true
storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
size: "{{ gitea_size | default('20Gi') }}"
storageClass: "{{ nextcloud_storage | default('nfs-ssd') }}"
accessMode: "{{ nextcloud_storage_mode | default('ReadWriteMany') }}"
size: "{{ nextcloud_size | default('100Gi') }}"
livenessProbe:
enabled: false
readinessProbe:
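Review bot: The persistence defaults move from `gitea_size | default('20Gi')` to `nextcloud_size | default('100Gi')`; the variable names are now right, but on an existing deployment this is a PVC resize request from 20Gi to 100Gi, which the API server rejects unless the storage class allows volume expansion, and a rejected patch fails the Helm upgrade. Anyone upgrading in place should pin `nextcloud_size: "20Gi"` in inventory, or the default here should stay at `'20Gi'` and the larger size be opt-in. Separately, `tag: 20.0-apache` combined with `pullPolicy: Always` (both occurrences in this file) means every pod restart pulls whatever currently carries that floating tag; pinning a full version or an image digest makes the image you reviewed the image you run.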


@ -1,3 +1,4 @@
opendkim_short_name: "opendkim"
opendkim_default_values:
replicaCount: 1
persistence:


@ -1,3 +1,4 @@
opendmarc_short_name: "opendmarc"
opendmarc_default_values:
replicaCount: 1
persistence:
@ -11,7 +12,7 @@ opendmarc_default_values:
pullPolicy: Always
configmaps:
opendmarc: |
AuthservID mail.{{ domain }}
AuthservID {{ mail_short_name | default('mail') }}.{{ domain }}
Socket inet:8893
SoftwareHeader true
IgnoreAuthenticatedClients true


@ -1,3 +1,4 @@
openldap_short_name: "openldap"
openldap_default_values:
replicaCount: 1
@ -26,10 +27,10 @@ openldap_default_values:
# settings for enabling TLS
tls:
enabled: true
secret: "openldap.{{ domain }}-secret" # The name of a kubernetes.io/tls type secret to use for TLS
secret: "{{ openldap_short_name }}.{{ domain }}-secret" # The name of a kubernetes.io/tls type secret to use for TLS
CA:
enabled: true
secret: "openldap.{{ domain }}-ca" # The name of a generic secret to use for custom CA certificate (ca.crt)
secret: "{{ openldap_short_name }}.{{ domain }}-ca" # The name of a generic secret to use for custom CA certificate (ca.crt)
## Add additional labels to all resources
extraLabels: {}
@ -37,7 +38,7 @@ openldap_default_values:
podAnnotations: {}
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: openldap.{{ domain }}
external-dns.alpha.kubernetes.io/hostname: {{ openldap_short_name }}.{{ domain }}
clusterIP: ""
ldapPort: 389
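Review bot: The annotation value `external-dns.alpha.kubernetes.io/hostname: {{ openldap_short_name }}.{{ domain }}` now begins with `{{`, which the YAML parser reads as the start of a flow mapping before Jinja ever sees it; if this file is loaded as an Ansible vars file (as its layout suggests), loading fails with Ansible's "start a value with a quoteless {{" error and the whole openldap role becomes unusable. The previous value started with a literal `openldap.` and did not hit this. Quote it as the `tls` secret names a few lines above already do: `external-dns.alpha.kubernetes.io/hostname: "{{ openldap_short_name }}.{{ domain }}"`.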


@ -1,6 +1,7 @@
peertube_enabled: false
peertube_publish: false
peertube_use_external_db: true
peertube_short_name: "peertube"
peertube_default_values:
replicaCount: 1
imagePullSecrets: []
@ -15,7 +16,7 @@ peertube_default_values:
# Correspond to your reverse proxy server_name/listen configuration
webserver:
https: true
hostname: 'peertube.{{ domain }}'
hostname: '{{ peertube_short_name }}.{{ domain }}'
port: 443
rates_limit:
api:
@ -68,7 +69,7 @@ peertube_default_values:
transport: smtp
# Path to sendmail command. Required if you use sendmail transport
sendmail: null
hostname: "mail.{{ domain }}"
hostname: "{{ mail_short_name | default('mail') }}.{{ domain }}"
port: 465 # If you use StartTLS: 587
username: peertube
password: "{{ peertube_ldap_password }}"
@ -429,12 +430,12 @@ peertube_default_values:
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- host: peertube.{{ domain }}
- host: "{{ peertube_short_name }}.{{ domain }}"
paths: ["/"]
tls:
- secretName: peertube.{{ domain }}-tls
- secretName: "{{ peertube_short_name }}.{{ domain }}-tls"
hosts:
- peertube.{{ domain }}
- "{{ peertube_short_name }}.{{ domain }}"
persistence:
enabled: true
accessMode: "{{ peertube_storage_mode | default('ReadWriteMany') }}"


@ -1,5 +1,6 @@
playmaker_enabled: true
playmaker_publish: false
playmeker_short_name: "playmaker"
playmaker_default_values:
replicaCount: 1
image:
@ -62,12 +63,12 @@ playmaker_default_values:
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/tls-acme: "true"
hosts:
- host: playmaker.{{ domain }}
- host: "{{ playmaker_short_name }}.{{ domain }}"
paths: ["/"]
tls:
- secretName: playmaker.{{ domain }}-tls
- secretName: "{{ playmaker_short_name }}.{{ domain }}-tls"
hosts:
- playmaker.{{ domain }}
- "{{ playmaker_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ playmaker_storage | default('nfs-hdd') }}"
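Review bot: The new default is declared as `playmeker_short_name`, but every reference in the ingress block reads `playmaker_short_name`, so the variable is undefined at render time; under Ansible's default strict undefined handling the host and TLS entries fail to template instead of falling back to anything. Fix the declaration: `playmaker_short_name: "playmaker"`. The ddclient and nginx templates in this commit use `playmaker_short_name | default('playmaker')`, so they would mask the typo rather than reveal it.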


@ -1,3 +1,4 @@
postfix_short_name: "postfix"
postfix_default_values:
replicaCount: 1
persistence:
@ -6,7 +7,7 @@ postfix_default_values:
tls:
enabled: true
existingSecret: mail.{{ domain }}-secret
existingSecret: {{ mail_short_name | default('mail') }}.{{ domain }}-secret
postfix:
image:
@ -29,7 +30,7 @@ postfix_default_values:
mail_owner = postfix
# Postfix full server name for mail send/recieve
myhostname = mail.{{ domain }}
myhostname = {{ mail_short_name | default('mail') }}.{{ domain }}
# Set domain name
mydomain = {{ domain }}
@ -58,7 +59,7 @@ postfix_default_values:
# Dovecot socket for mail delivery
#virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:inet:dovecot.{{ namespace }}.svc.cluster.local:24
virtual_transport = lmtp:inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:24
# Certs and TLS options
smtpd_tls_cert_file = /tls/tls.crt
@ -89,12 +90,12 @@ postfix_default_values:
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:dovecot.{{ namespace }}.svc.cluster.local:12345
smtpd_sasl_path = inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
smtpd_sasl_local_domain = $myorigin
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
smtpd_milters = inet:rspamd.{{ namespace }}.svc.cluster.local:11332
smtpd_milters = inet:{{ rspamd_short_name | default('rspamd') }}.{{ namespace }}.svc.cluster.local:11332
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
@ -197,7 +198,7 @@ postfix_default_values:
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
-o smtpd_sasl_path=inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
-o smtpd_upstream_proxy_protocol=haproxy
10465 inet n - n - - smtpd
-o syslog_name=postfix/10465
@ -206,7 +207,7 @@ postfix_default_values:
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
-o smtpd_sasl_path=inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
-o smtpd_upstream_proxy_protocol=haproxy
#
# ====================================================================
@ -281,7 +282,7 @@ postfix_default_values:
ldap-local-recipients: |
debuglevel = 0
version = 3
server_host = ldaps://openldap.{{ domain }}
server_host = ldaps://{{ openldap_short_name | default('openldap') }}.{{ domain }}
server_port = 636
bind_dn = uid=ldapbind,ou=services,{{ openldap_domain }}
bind_pw = {{ ldapbind_pass | default(ldapbind_password) }}
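Review bot: `existingSecret: {{ mail_short_name | default('mail') }}.{{ domain }}-secret` is an unquoted value beginning with `{{`, which YAML parses as a flow mapping before Jinja runs; if `postfix_default_values` is an ordinary mapping in an Ansible vars file (as the surrounding keys suggest), the file fails to load. The dovecot counterpart in this commit quotes the same expression, and the `main.cf` and `master.cf` lines further down are inside block scalars, so they are unaffected. Change it to `existingSecret: "{{ mail_short_name | default('mail') }}.{{ domain }}-secret"`.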


@ -1,3 +1,4 @@
postgres_operator_ui_short_name: "postgres-operator-ui"
postgres_operator_default_values:
image:
registry: "{{ docker_registry }}"
@ -34,12 +35,12 @@ postgres_operator_ui_default_values:
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
hosts:
- host: postgres-operator-ui.{{ domain }}
- host: "{{ postgres_operator_ui_short_name }}.{{ domain }}"
paths: [""]
tls:
- secretName: postgres-operator-ui.{{ domain }}-tls
- secretName: "{{ postgres_operator_ui_short_name }}.{{ domain }}-tls"
hosts:
- postgres-operator-ui.{{ domain }}
- "{{ postgres_operator_ui_short_name }}.{{ domain }}"
postgres_db_definitions:


@ -1,5 +1,6 @@
pypiserver_enabled: true
pypiserver_publish: false
pypiserver_short_name: "pip"
pypiserver_default_values:
## If you want more than 1 replica you will have to use a ReadWriteMany volume
replicaCount: 1
@ -35,11 +36,11 @@ pypiserver_default_values:
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: "/"
hosts:
- pip.{{ domain }}
- "{{ pypiserver_short_name }}.{{ domain }}"
tls:
- secretName: pip.{{ domain }}-tls
- secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls"
hosts:
- pip.{{ domain }}
- "{{ pypiserver_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ pypiserver_storage | default('nfs-hdd') }}"


@ -1,5 +1,6 @@
registry_enabled: true
registry_publish: false
registry_short_name: "registry"
registry_default_values:
service:
type: ClusterIP
@ -14,11 +15,11 @@ registry_default_values:
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- registry.{{ domain }}
- "{{ registry_short_name }}.{{ domain }}"
tls:
- secretName: registry.{{ domain }}-tls
- secretName: "{{ registry_short_name }}.{{ domain }}-tls"
hosts:
- registry.{{ domain }}
- "{{ registry_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ registry_storage | default('nfs-hdd') }}"


@ -1,6 +1,7 @@
roundcube_enabled: true
roundcube_publish: false
roundcube_use_external_db: true
roundcube_short_name: "webmail"
roundcube_default_values:
env:
- name: ROUNDCUBEMAIL_DB_TYPE
@ -14,11 +15,11 @@ roundcube_default_values:
- name: ROUNDCUBEMAIL_DB_NAME
value: roundcube
- name: ROUNDCUBEMAIL_DEFAULT_HOST
value: "ssl://mail.{{ domain }}"
value: "ssl://{{ mail_short_name | default('mail') }}.{{ domain }}"
- name: ROUNDCUBEMAIL_DEFAULT_PORT
value: "993"
- name: ROUNDCUBEMAIL_SMTP_SERVER
value: "ssl://mail.{{ domain }}"
value: "ssl://{{ mail_short_name | default('mail') }}.{{ domain }}"
- name: ROUNDCUBEMAIL_SMTP_PORT
value: "465"
- name: ROUNDCUBEMAIL_SKIN
@ -40,11 +41,11 @@ roundcube_default_values:
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: /
hosts:
- webmail.{{ domain }}
- "{{ roundcube_short_name }}.{{ domain }}"
tls:
- secretName: webmail.{{ domain }}-tls
- secretName: "{{ roundcube_short_name }}.{{ domain }}-tls"
hosts:
- webmail.{{ domain }}
- "{{ roundcube_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ roundcube_storage | default('nfs-hdd') }}"
@ -56,7 +57,7 @@ roundcube_default_values:
$config['mail_domain'] = '%d';
$config['username_domain'] = '%d';
$config['managesieve_port'] = '4190';
$config['managesieve_host'] = 'ssl://dovecot.{{ namespace }}.svc.cluster.local';
$config['managesieve_host'] = 'ssl://{{ dovecot_short_name | default("dovecot") }}.{{ namespace }}.svc.cluster.local';
$config['managesieve_usetls'] = false;
$config['managesieve_debug'] = true;
$config['managesieve_conn_options'] = array(


@ -1,4 +1,5 @@
rspamd_enabled: true
rspamd_short_name: "rspamd"
rspamd_default_values:
replicaCount: 1
persistence:


@ -1,6 +1,7 @@
wikijs_enabled: true
wikijs_publish: false
wikijs_use_external_db: true
wikijs_short_name: "wikijs"
wikijs_default_values:
fullnameOverride: "wikijs"
ingress:
@ -11,12 +12,12 @@ wikijs_default_values:
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
hosts:
- host: wikijs.{{ domain }}
- host: "{{ wikijs_short_name }}.{{ domain }}"
paths: ["/"]
tls:
- secretName: wikijs.{{ domain }}-tls
- secretName: "{{ wikijs_short_name }}.{{ domain }}-tls"
hosts:
- wikijs.{{ domain }}
- "{{ wikijs_short_name }}.{{ domain }}"
postgresql:
enabled: false
ssl: false