diff --git a/inventory/ghp/sample/group_vars/all/all.yaml b/inventory/ghp/sample/group_vars/all/all.yaml index cf7f5a0..47e5904 100644 --- a/inventory/ghp/sample/group_vars/all/all.yaml +++ b/inventory/ghp/sample/group_vars/all/all.yaml @@ -52,7 +52,7 @@ openldap_simple_users: - { name: testuser2, sn: 6002, uid: 6002, gid: 6002 } ## Harbor ## -harbor_enabled: true +harbor_enabled: false harbor_publish: false #harbor_registry_size: "100Gi" #harbor_registry_storage: "nfs-hdd" @@ -92,13 +92,11 @@ gitea_publish_web: false gitea_publish_ssh: false gitea_loadbalancer_ip: "192.168.250.5" -## Drone ## -drone_enabled: true -#drone_size: "10Gi" -#drone_storage: "nfs-ssd" -#drone_gitea_client_id: -#drone_gitea_client_secret: -drone_publish: false +## Gitea Act Runner ## +gitea_act_runner_enabled: true +gitea_act_runner_token: "" +gitea_act_runner_size: "25Gi" +#gitea_act_runner_storage: "nfs-ssd" ### WikiJS ### wikijs_enabled: true diff --git a/inventory/ghp/sample/group_vars/all/versions.yaml b/inventory/ghp/sample/group_vars/all/versions.yaml index 2a90603..2947c70 100644 --- a/inventory/ghp/sample/group_vars/all/versions.yaml +++ b/inventory/ghp/sample/group_vars/all/versions.yaml @@ -20,8 +20,8 @@ internal_ingress_nginx_version: 4.2.0 local_ingress_nginx_version: 4.2.0 # PostgreSQL operator -postgres_operator_version: 1.9.0 -postgres_operator_ui_version: 1.9.0 +postgres_operator_version: 1.10.0 +postgres_operator_ui_version: 1.10.0 # OpenLDAP openldap_version: 1.2.7 @@ -32,17 +32,16 @@ adguard_version: 2.3.13 # Bitwarden (aka Vaultwarden) bitwarden_version: 2.0.20 -# Drone -drone_version: 0.6.4 -drone_runner_kube_version: 0.1.10 - # Gitea gitea_ingress_nginx_version: 4.2.0 gitea_dns_version: 6.8.1 gitea_version: 8.3.0 +# Gitea Act Runner +gitea_act_runner_version: 0.1.0 + # Docker and Helm chart registries -harbor_version: 1.10.4 +harbor_version: 1.12.2 # Mastodon mastodon_version: 4.0.0 
@@ -60,7 +59,7 @@ rspamd_version: 0.4.3 pypiserver_version: 2.5.0 # WikiJS -wikijs_version: 2.3.10 +wikijs_version: 2.3.11 # PeerTube peertube_version: 0.2.1 diff --git a/inventory/ghp/sample/group_vars/ddclient.yaml b/inventory/ghp/sample/group_vars/ddclient.yaml index eefacdf..791a9db 100644 --- a/inventory/ghp/sample/group_vars/ddclient.yaml +++ b/inventory/ghp/sample/group_vars/ddclient.yaml 
@@ -24,19 +24,14 @@ ddclient_conf: | ddclient_hosts: - "{% if nextcloud_publish %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}" - - "{% if drone_publish %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if gitea_publish_web %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if bitwarden_publish %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if playmaker_publish %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if pypiserver_publish %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if wikijs_publish %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}" - - "{% if chartmuseum_publish %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}" - - "{% if registry_publish %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if peertube_publish %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if mastodon_publish %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if harbor_publish %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}" - "{% if roundcube_publish %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}" - "{{ harbor_readonly_ingress | default('omitme') }}" - - "{{ registry_readonly_ingress | default('omitme') }}" - - "{{ chartmuseum_readonly_ingress | default('omitme') }}" - "{{ wikijs_readonly_ingress | default('omitme') }}" diff --git a/inventory/ghp/sample/group_vars/k8s/chartmuseum.yaml b/inventory/ghp/sample/group_vars/k8s/chartmuseum.yaml deleted file mode 100644 index 94a6136..0000000 
--- a/inventory/ghp/sample/group_vars/k8s/chartmuseum.yaml +++ /dev/null @@ -1 +0,0 @@ -chartmuseum_values: {} diff --git a/inventory/ghp/sample/group_vars/k8s/drone.yaml b/inventory/ghp/sample/group_vars/k8s/drone.yaml deleted file mode 100644 index 4fa8c89..0000000 --- a/inventory/ghp/sample/group_vars/k8s/drone.yaml +++ /dev/null @@ -1,2 +0,0 @@ -drone_values: {} -drone_runner_kube_values: {} diff --git a/inventory/ghp/sample/group_vars/k8s/gitea-act-runner.yaml b/inventory/ghp/sample/group_vars/k8s/gitea-act-runner.yaml new file mode 100644 index 0000000..95e9cf7 --- /dev/null +++ b/inventory/ghp/sample/group_vars/k8s/gitea-act-runner.yaml @@ -0,0 +1 @@ +gitea_act_runner_values: {} diff --git a/inventory/ghp/sample/group_vars/web_proxy.yaml b/inventory/ghp/sample/group_vars/web_proxy.yaml index ed167c3..d89d6e2 100644 --- a/inventory/ghp/sample/group_vars/web_proxy.yaml +++ b/inventory/ghp/sample/group_vars/web_proxy.yaml @@ -60,18 +60,12 @@ nginx: {% if wikijs_publish %} {{ wikijs_short_name | default('wikijs') }}.{{ domain }} https_{{ namespace }}; {% endif %} - {% if drone_publish %} - {{ drone_short_name | default('drone') }}.{{ domain }} https_{{ namespace }}; - {% endif %} {% if nextcloud_publish %} {{ nextcloud_short_name | default('nextcloud') }}.{{ domain }} https_{{ namespace }}; {% endif %} {% if harbor_publish %} {{ harbor_short_name | default('harbor') }}.{{ domain }} https_{{ namespace }}; {% endif %} - {% if registry_publish %} - {{ registry_short_name | default('registry') }}.{{ domain }} https_{{ namespace }}; - {% endif %} {% if peertube_publish %} {{ peertube_short_name | default('peertube') }}.{{ domain }} https_{{ namespace }}; {% endif %} 
@@ -81,15 +75,6 @@ nginx: {% if roundcube_publish %} {{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }}; {% endif %} - {% if chartmuseum_publish %} - {{ chartsmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }}; - {% endif %} - {% if registry_readonly_ingress %} - {{ registry_readonly_ingress }} https_{{ namespace }}; - {% endif %} - {% if chartmuseum_readonly_ingress %} - {{ chartmuseum_readonly_ingress }} https_{{ namespace }}; - {% endif %} {% if wikijs_readonly_ingress %} {{ wikijs_readonly_ingress }} https_{{ namespace }}; {% endif %} diff --git a/playbooks/ghp/chartmuseum.yaml b/playbooks/ghp/chartmuseum.yaml deleted file mode 100644 index 905c4d0..0000000 --- a/playbooks/ghp/chartmuseum.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: k8s - connection: local - roles: - - chartmuseum diff --git a/playbooks/ghp/core-infra.yaml b/playbooks/ghp/core-infra.yaml index 8323e7a..6281b84 100644 --- a/playbooks/ghp/core-infra.yaml +++ b/playbooks/ghp/core-infra.yaml @@ -55,7 +55,7 @@ tags: - service-dns - dns - + - name: Deploy Cert-manager import_role: name: cert-manager diff --git a/playbooks/ghp/drone.yaml b/playbooks/ghp/drone.yaml deleted file mode 100644 index 408dabc..0000000 --- a/playbooks/ghp/drone.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: k8s - connection: local - roles: - - drone diff --git a/playbooks/ghp/opendkim.yaml b/playbooks/ghp/opendkim.yaml deleted file mode 100644 index b74dcfb..0000000 --- a/playbooks/ghp/opendkim.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: k8s - connection: local - roles: - - opendkim diff --git a/playbooks/ghp/opendmarc.yaml b/playbooks/ghp/opendmarc.yaml deleted file mode 100644 index bded453..0000000 --- a/playbooks/ghp/opendmarc.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: k8s - connection: local - roles: - - opendmarc diff --git a/playbooks/ghp/registry.yaml b/playbooks/ghp/registry.yaml deleted file mode 100644 index a5de87e..0000000 
--- a/playbooks/ghp/registry.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: k8s - connection: local - roles: - - registry diff --git a/playbooks/ghp/shared-infra.yaml b/playbooks/ghp/shared-infra.yaml index dd87de9..0b9f0ed 100644 --- a/playbooks/ghp/shared-infra.yaml +++ b/playbooks/ghp/shared-infra.yaml @@ -14,20 +14,3 @@ when: openldap_enabled | default(true) tags: openldap - - name: Deploy Docker registry - import_role: - name: registry - when: registry_enabled | default(false) - tags: registry - - - name: Deploy ChartMuseum - import_role: - name: chartmuseum - when: chartmuseum_enabled | default(false) - tags: chartmuseum - - - name: Deploy Harbor - import_role: - name: harbor - when: harbor_enabled | default(true) - tags: harbor diff --git a/playbooks/ghp/user-apps.yaml b/playbooks/ghp/user-apps.yaml index 4ac85ca..0f6883d 100644 --- a/playbooks/ghp/user-apps.yaml +++ b/playbooks/ghp/user-apps.yaml @@ -26,11 +26,11 @@ when: gitea_enabled | default(true) tags: gitea - - name: Deploy Drone + - name: Deploy Gitea Act Runner import_role: - name: drone - when: drone_enabled | default(true) - tags: drone + name: gitea-act-runner + when: gitea_act_runner_enabled | default(true) + tags: gitea-act-runner - name: Deploy WikiJS import_role: diff --git a/roles/adguard-home/defaults/main.yaml b/roles/adguard-home/defaults/main.yaml index 60bb74c..216060a 100644 --- a/roles/adguard-home/defaults/main.yaml +++ b/roles/adguard-home/defaults/main.yaml @@ -1,5 +1,6 @@ adguard_enabled: false adguard_publish: false +adguard_chart_ref: "ghp/adguard-home" adguard_short_name: "adguard" adguard_default_values: # upgrade strategy type (e.g. Recreate or RollingUpdate) diff --git a/roles/adguard-home/tasks/main.yaml b/roles/adguard-home/tasks/main.yaml index bb3baed..c50dcbf 100644 --- a/roles/adguard-home/tasks/main.yaml +++ b/roles/adguard-home/tasks/main.yaml 
@@ -26,7 +26,7 @@ create_namespace: true release_namespace: "{{ adguard_namespace | default(namespace) }}" release_name: "{{ adguard_name | default('adguard') }}" - chart_ref: "{{ adguard_chart | default('ghp/adguard-home') }}" + chart_ref: "{{ adguard_chart_ref }}" chart_version: "{{ adguard_version | default(omit) }}" release_values: "{{ adguard_combined_values | from_yaml }}" diff --git a/roles/bitwarden/defaults/main.yaml b/roles/bitwarden/defaults/main.yaml index 3fd6c3f..5959103 100644 --- a/roles/bitwarden/defaults/main.yaml +++ b/roles/bitwarden/defaults/main.yaml @@ -1,5 +1,6 @@ bitwarden_enabled: true bitwarden_publish: false +bitwarden_chart_ref: "ghp/bitwarden" bitwarden_use_external_db: true bitwarden_short_name: "bitwarden" bitwarden_default_values: diff --git a/roles/bitwarden/tasks/main.yaml b/roles/bitwarden/tasks/main.yaml index e133afb..2010ef8 100644 --- a/roles/bitwarden/tasks/main.yaml +++ b/roles/bitwarden/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ bitwarden_namespace | default(namespace) }}" release_name: "{{ bitwarden_name | default('bitwarden') }}" - chart_ref: "{{ bitwarden_chart | default('ghp/bitwarden') }}" + chart_ref: "{{ bitwarden_chart_ref }}" chart_version: "{{ bitwarden_version | default(omit) }}" release_values: "{{ bitwarden_combined_values | from_yaml }}" wait: true diff --git a/roles/cert-manager/defaults/main.yaml b/roles/cert-manager/defaults/main.yaml index 3fb6964..1f86e81 100644 --- a/roles/cert-manager/defaults/main.yaml +++ b/roles/cert-manager/defaults/main.yaml @@ -1,4 +1,5 @@ -cert_manager_namespace: cert-manager +cert_manager_chart_ref: "jetstack/cert-manager" +cert_manager_namespace: "cert-manager" lets_encrypt_mailbox: "admin@{{ domain }}" cert_manager_base64_tsig_key: "{{ k8s_tsig | b64encode }}" cert_manager_default_values: diff --git a/roles/cert-manager/tasks/main.yaml b/roles/cert-manager/tasks/main.yaml index 6cd7e99..422d683 100644 
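Review bot: The new `chart_ref: "{{ adguard_chart_ref }}"` line no longer reads the old `adguard_chart` variable, so an inventory that still sets `adguard_chart` (for example to point at an internal mirror) is silently ignored and the release is installed from the default `ghp/adguard-home` reference. Keeping the old name as a fallback in the role defaults would avoid that, e.g. `adguard_chart_ref: "{{ adguard_chart | default('ghp/adguard-home') }}"`. The same rename is made in the bitwarden, cert-manager, dovecot, external-dns, external-ingress-nginx, gitea, harbor, internal-dns, internal-ingress-nginx and local-dns task hunks of this diff. The helm task itself starts above the hunk and continues below it.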
--- a/roles/cert-manager/tasks/main.yaml
+++ b/roles/cert-manager/tasks/main.yaml
@@ -6,7 +6,7 @@
 create_namespace: true
 release_namespace: "{{ cert_manager_namespace | default('cert-manager') }}"
 release_name: "{{ cert_manager_name | default('cert-manager') }}"
- chart_ref: "{{ cert_manager_chart | default('jetstack/cert-manager') }}"
+ chart_ref: "{{ cert_manager_chart_ref }}"
 chart_version: "{{ cert_manager_version }}"
 release_values: "{{ cert_manager_combined_values | from_yaml | default(omit) }}"
 wait: true
diff --git a/roles/chartmuseum/defaults/main.yaml b/roles/chartmuseum/defaults/main.yaml
deleted file mode 100644
index 32ce6ae..0000000
--- a/roles/chartmuseum/defaults/main.yaml
+++ /dev/null
@@ -1,83 +0,0 @@ -chartmuseum_enabled: true -chartmuseum_publish: false -chartmuseum_short_name: "charts" -chartmuseum_default_values: - env: - open: - # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle - STORAGE: local - # levels of nested repos for multitenancy. The default depth is 0 (singletenant server) - DEPTH: 0 - # sets the base context path - CONTEXT_PATH: / - # show debug messages - DEBUG: false - # output structured logs as json - LOG_JSON: true - # disable use of index-cache.yaml - DISABLE_STATEFILES: false - # disable Prometheus metrics - DISABLE_METRICS: true - # disable all routes prefixed with /api - DISABLE_API: false - # allow chart versions to be re-uploaded - ALLOW_OVERWRITE: true - # allow anonymous GET operations when auth is used - AUTH_ANONYMOUS_GET: true - secret: - # username for basic http authentication - BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}" - # password for basic http authentication - BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}" - - persistence: - enabled: true - accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}" - size: "{{ chartmuseum_size | default('10Gi') }}" - labels: {} - path: /storage - storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}" - - ## Ingress for load balancer - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}" - kubernetes.io/tls-acme: "true" - hosts: - - name: "{{ chartmuseum_short_name }}.{{ domain }}" - path: / - tls: true - tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls" - -chartmuseum_readonly_ingress_definition: | - apiVersion: extensions/v1beta1 - kind: Ingress - metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class }}" - 
nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - nginx.ingress.kubernetes.io/configuration-snippet: |- - limit_except GET { - deny all; - } - name: chartmuseum-public - namespace: "{{ chartmuseum_namespace | default(namespace) }}" - spec: - rules: - - host: "{{ chartmuseum_readonly_ingress }}" - http: - paths: - - backend: - serviceName: chartmuseum-chartmuseum - servicePort: 8080 - path: / - tls: - - hosts: - - "{{ chartmuseum_readonly_ingress }}" - secretName: "{{ chartmuseum_readonly_ingress }}-tls" - diff --git a/roles/chartmuseum/tasks/main.yaml b/roles/chartmuseum/tasks/main.yaml deleted file mode 100644 index 9efbdb2..0000000 --- a/roles/chartmuseum/tasks/main.yaml +++ /dev/null @@ -1,20 +0,0 @@ -- set_fact: - chartmuseum_combined_values: "{{ chartmuseum_default_values | combine(chartmuseum_values, recursive=true) }}" - -- name: Deploy ChartMuseum - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ chartmuseum_namespace | default(namespace) }}" - release_name: "{{ chartmuseum_name | default('chartmuseum') }}" - chart_ref: "{{ chartmuseum_chart | default('ghp/chartmuseum') }}" - chart_version: "{{ chartmuseum_version | default(omit) }}" - release_values: "{{ chartmuseum_combined_values | from_yaml }}" - wait: true - -- name: Deploy readonly public ingress for ChartMuseum - when: chartmuseum_readonly_ingress is defined - k8s: - state: present - definition: - "{{ chartmuseum_readonly_ingress_definition }}" - diff --git a/roles/ddclient/defaults/main.yml b/roles/ddclient/defaults/main.yml index 5596878..085aa1f 100644 --- a/roles/ddclient/defaults/main.yml +++ b/roles/ddclient/defaults/main.yml 
@@ -5,22 +5,17 @@ ddclient_namespace: "{{ namespace | default('ddclient') }}" ddclient_container_name: "{{ ddclient_namespace }}-ddclient" ddclient_container_registry: "{{ container_registry | default(docker_registry) | default('registry.geekhome.org/ghp') }}" ddclient_image_name: "ddclient" -ddclient_image_tag: "v3.9.1-ls45" +ddclient_image_tag: "3.9.1-1" ddclient_systemd_unit_name: "{{ ddclient_container_name }}-container.service" harbor_readonly_ingress: false -registry_readonly_ingress: false wikijs_readonly_ingress: false -chartmuseum_readonly_ingress: false -registry_publish: false -chartmuseum_publish: false harbor_publish: false roundcube_publish: false nextcloud_publish: false bitwarden_publish: false gitea_publish_web: false gitea_publish_ssh: false -drone_publish: false wikijs_publish: false playmaker_publish: false pypiserver_publish: false diff --git a/roles/dovecot/defaults/main.yaml b/roles/dovecot/defaults/main.yaml index 278d550..b65fb9a 100644 --- a/roles/dovecot/defaults/main.yaml +++ b/roles/dovecot/defaults/main.yaml @@ -1,3 +1,4 @@ +dovecot_chart_ref: "ghp/dovecot" dovecot_short_name: "dovecot" dovecot_default_values: replicaCount: 1 diff --git a/roles/dovecot/tasks/main.yaml b/roles/dovecot/tasks/main.yaml index 8902c3d..e118d5e 100644 --- a/roles/dovecot/tasks/main.yaml +++ b/roles/dovecot/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ dovecot_namespace | default(mail_namespace) | default(namespace) }}" release_name: "{{ dovecot_name | default('dovecot') }}" - chart_ref: "{{ dovecot_chart | default('ghp/dovecot') }}" + chart_ref: "{{ dovecot_chart_ref }}" chart_version: "{{ dovecot_version | default(omit) }}" release_values: "{{ dovecot_combined_values | from_yaml }}" wait: true diff --git a/roles/drone/defaults/main.yaml b/roles/drone/defaults/main.yaml deleted file mode 100644 index 4d57975..0000000 --- a/roles/drone/defaults/main.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -drone_enabled: true -drone_publish: false -drone_use_external_db: true -drone_short_name: "drone" -drone_default_values: - service: - type: ClusterIP - port: 80 - ingress: - enabled: true - className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}" - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - hosts: - - host: "{{ drone_short_name }}.{{ domain }}" - paths: - - path: / - pathType: Prefix - tls: - - secretName: "{{ drone_short_name }}.{{ domain }}-tls" - hosts: - - "{{ drone_short_name }}.{{ domain }}" - persistentVolume: - enabled: true - accessModes: - - "{{ drone_storage_mode | default('ReadWriteMany') }}" - mountPath: /data - size: "{{ drone_size | default('8Gi') }}" - storageClass: "{{ drone_storage | default('nfs-ssd') }}" - env: - DRONE_SERVER_HOST: "{{ drone_short_name }}.{{ domain }}" - DRONE_SERVER_PROTO: https - DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}" - DRONE_DATABASE_DRIVER: "postgres" - DRONE_DATABASE_DATASOURCE: "postgres://{{ drone_db_username }}:{{ drone_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/drone?sslmode=disable" - DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}" - DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}" - DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}" - DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}" - -drone_runner_kube_default_values: - rbac: - buildNamespaces: - - "{{ drone_namespace | default(namespace) }}" - env: - DRONE_RPC_SECRET: "{{ drone_rpc_secret }}" - DRONE_RPC_HOST: "{{ drone_short_name }}.{{ domain }}" - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}" - diff --git a/roles/drone/tasks/main.yaml b/roles/drone/tasks/main.yaml deleted file mode 100644 index 54367cd..0000000 
--- a/roles/drone/tasks/main.yaml +++ /dev/null @@ -1,31 +0,0 @@ -- name: Import secret.yaml to obtain secrets - include_tasks: secrets.yaml - when: - - drone_use_external_db - - postgres_enabled is defined and postgres_enabled - -- set_fact: - drone_combined_values: "{{ drone_default_values | combine(drone_values, recursive=true) }}" - -- set_fact: - drone_runner_kube_combined_values: "{{ drone_runner_kube_default_values | combine(drone_runner_kube_values, recursive=true) }}" - -- name: Deploy Drone Server - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ drone_namespace | default(namespace) }}" - release_name: "{{ drone_name | default('drone') }}" - chart_ref: "{{ drone_chart | default('drone/drone') }}" - chart_version: "{{ drone_version | default(omit) }}" - release_values: "{{ drone_combined_values | from_yaml }}" - wait: true - -- name: Deploy Drone Runner Kube - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ drone_runner_kube_namespace | default(namespace) }}" - release_name: "{{ drone_runner_kube_name | default('drone-runner-kube') }}" - chart_ref: "{{ drone_runner_kube_chart | default('drone/drone-runner-kube') }}" - chart_version: "{{ drone_runner_kube_version | default(omit) }}" - release_values: "{{ drone_runner_kube_combined_values | from_yaml }}" - wait: true diff --git a/roles/drone/tasks/secrets.yaml b/roles/drone/tasks/secrets.yaml deleted file mode 100644 index 6b2b3cf..0000000 --- a/roles/drone/tasks/secrets.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -- block: - - name: Set DB namespace for secret lookup - set_fact: - db_namespace: "{{ drone_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}" - - - name: Set DB secret name for lookup - set_fact: - db_secret_name: "drone.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do" - - - name: Lookup Drone DB secret - set_fact: - drone_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}" - - - debug: - msg: "{{ drone_db_secret }}" - verbosity: 2 - - - name: Set Drone DB username - set_fact: - drone_db_username: "{{ drone_db_secret.data.username | b64decode }}" - - - name: Set Drone DB password - set_fact: - drone_db_password: "{{ drone_db_secret.data.password | b64decode }}" - diff --git a/roles/external-dns/defaults/main.yaml b/roles/external-dns/defaults/main.yaml index 3e5495b..4934fe8 100644 --- a/roles/external-dns/defaults/main.yaml +++ b/roles/external-dns/defaults/main.yaml @@ -1,8 +1,5 @@ +external_dns_chart_ref: "ghp/external-dns" external_dns_default_values: - image: - registry: registry.0xace.cc - repository: ghp/external-dns - tag: v0.7.6-663-gf76382a5 fullnameOverride: "{{ external_dns_name | default(namespace + '-external-dns') }}" ingressClass: "{{ external_ingress_class }}" domainFilters: ["{{ external_domain | default(domain) }}"] diff --git a/roles/external-dns/tasks/main.yaml b/roles/external-dns/tasks/main.yaml index 1508e09..952eaab 100644 --- a/roles/external-dns/tasks/main.yaml +++ b/roles/external-dns/tasks/main.yaml 
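Review bot: Dropping the `image:` override at the top of `external_dns_default_values` leaves the image choice to the `ghp/external-dns` chart, and the task that installs it passes `chart_version: "{{ external_dns_version | default(omit) }}"`, so unless the inventory sets `external_dns_version` both the chart and the image it pulls are unpinned. A comment above the mapping such as `# image is taken from the chart; pin external_dns_version to keep deployments reproducible` would record that dependency. The same removal is made in the gitea_dns, internal_dns and local_dns defaults hunks. `external_dns_default_values` continues below the hunk.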
@@ -6,7 +6,7 @@
 create_namespace: true
 release_namespace: "{{ external_dns_namespace | default(dns_namespace) | default(namespace) }}"
 release_name: "{{ external_dns_name | default(namespace + '-external-dns') }}"
- chart_ref: "{{ external_dns_chart | default('ghp/external-dns') }}"
+ chart_ref: "{{ external_dns_chart_ref }}"
 chart_version: "{{ external_dns_version | default(omit) }}"
 release_values: "{{ external_dns_combined_values | from_yaml }}"
 wait: true
diff --git a/roles/external-ingress-nginx/defaults/main.yaml b/roles/external-ingress-nginx/defaults/main.yaml
index cfc6372..60fbdf5 100644
--- a/roles/external-ingress-nginx/defaults/main.yaml
+++ b/roles/external-ingress-nginx/defaults/main.yaml
@@ -1,3 +1,4 @@
+external_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 external_ingress_nginx_default_values:
 controller:
 kind: DaemonSet
diff --git a/roles/external-ingress-nginx/tasks/main.yaml b/roles/external-ingress-nginx/tasks/main.yaml
index a0fed3c..39e1de1 100644
--- a/roles/external-ingress-nginx/tasks/main.yaml
+++ b/roles/external-ingress-nginx/tasks/main.yaml
@@ -6,7 +6,7 @@
 create_namespace: true
 release_namespace: "{{ external_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
 release_name: "{{ external_ingress_nginx_name | default(namespace + '-external-ingress-nginx') }}"
- chart_ref: "{{ external_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
+ chart_ref: "{{ external_ingress_nginx_chart_ref }}"
 chart_version: "{{ external_ingress_nginx_version | default(omit) }}"
 release_values: "{{ external_ingress_nginx_combined_values | from_yaml }}"
 wait: true
diff --git a/roles/gitea-act-runner/defaults/main.yaml b/roles/gitea-act-runner/defaults/main.yaml
new file mode 100644
index 0000000..4df84ac
--- /dev/null
+++ b/roles/gitea-act-runner/defaults/main.yaml
@@ -0,0 +1,11 @@ +gitea_act_runner_enabled: true +gitea_act_runner_chart_ref: "ghp/gitea-act-runner" +gitea_act_runner_gitea_instance_short_name: "gitea" +gitea_act_runner_default_values: + giteaInstance: "{{ gitea_act_runner_gitea_instance_short_name }}.{{ domain }}" + token: "" + persistence: + enabled: true + accessMode: "{{ gitea_act_runner_storage_mode | default('ReadWriteMany') }}" + size: "{{ gitea_act_runner_size | default('25Gi') }}" + storageClass: "{{ gitea_act_runner_storage | default('nfs-ssd') }}" diff --git a/roles/gitea-act-runner/tasks/main.yaml b/roles/gitea-act-runner/tasks/main.yaml new file mode 100644 index 0000000..a868579 --- /dev/null +++ b/roles/gitea-act-runner/tasks/main.yaml @@ -0,0 +1,11 @@ +- set_fact: + gitea_act_runner_combined_values: "{{ gitea_act_runner_default_values | combine(gitea_act_runner_values, recursive=true) }}" + +- name: Deploy Gitea Act Runner + kubernetes.core.helm: + create_namespace: true + release_namespace: "{{ gitea_act_runner_namespace | default(namespace) }}" + release_name: "{{ gitea_act_runner_name | default('gitea-act-runner') }}" + chart_ref: "{{ gitea_act_runner_chart_ref }}" + chart_version: "{{ gitea_act_runner_version | default(omit) }}" + release_values: "{{ gitea_act_runner_combined_values | from_yaml }}" diff --git a/roles/gitea-act-runner/tasks/secrets.yaml b/roles/gitea-act-runner/tasks/secrets.yaml new file mode 100644 index 0000000..4ae2d06 --- /dev/null +++ b/roles/gitea-act-runner/tasks/secrets.yaml 
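Review bot: In the defaults hunk, `token: ""` inside `gitea_act_runner_default_values` is a literal empty string, so the `gitea_act_runner_token` variable this commit adds to the sample inventory is never read by the role as far as this diff shows, and the runner is deployed with an empty registration token unless the operator repeats it under `gitea_act_runner_values`. Wiring it through makes the inventory variable effective: `token: "{{ gitea_act_runner_token }}"`, with `gitea_act_runner_token: ""` declared in these defaults. Because the registration token is a credential, a comment saying it belongs in a vault-encrypted vars file rather than in the plain sample `all.yaml` would help operators. `giteaInstance` is also built from a new `gitea_act_runner_gitea_instance_short_name` rather than the existing `gitea_short_name`, so an inventory that renames Gitea would leave the runner pointing at the old host; `gitea_act_runner_gitea_instance_short_name: "{{ gitea_short_name | default('gitea') }}"` keeps them aligned.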
@@ -0,0 +1,25 @@ +- block: + - name: Set DB namespace for secret lookup + set_fact: + db_namespace: "{{ peertube_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}" + + - name: Set DB secret name for lookup + set_fact: + db_secret_name: "peertube-owner-user.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do" + + - name: Lookup PeerTube DB secret + set_fact: + peertube_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}" + + - debug: + msg: "{{ peertube_db_secret }}" + verbosity: 2 + + - name: Set PeerTube DB username + set_fact: + peertube_db_username: "{{ peertube_db_secret.data.username | b64decode }}" + + - name: Set PeerTube DB password + set_fact: + peertube_db_password: "{{ peertube_db_secret.data.password | b64decode }}" + diff --git a/roles/gitea/defaults/main.yaml b/roles/gitea/defaults/main.yaml index 1aa6d65..c07db35 100644 --- a/roles/gitea/defaults/main.yaml +++ b/roles/gitea/defaults/main.yaml @@ -1,6 +1,7 @@ gitea_enabled: true gitea_publish_web: false gitea_publish_ssh: false +gitea_chart_ref: "gitea-charts/gitea" gitea_use_external_db: true gitea_short_name: "gitea" gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx" @@ -78,6 +79,10 @@ gitea_default_values: USER: "{{ gitea_ldap_user | default('gitea') }}" PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}" MAILER_TYPE: "smtp" + actions: + ENABLED: "true" + packages: + ENABLED: "true" gitea_external_db_values: gitea: @@ -101,6 +106,7 @@ gitea_publish_ingress_nginx_values: service: externalTrafficPolicy: Local +gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx" gitea_ingress_nginx_default_values: controller: containerPort: 
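Review bot: This new `secrets.yaml` in the gitea-act-runner role is a copy of the PeerTube lookup: it reads the `peertube-owner-user...` Secret and sets `peertube_db_username` and `peertube_db_password`, none of which the runner's values use, and the `tasks/main.yaml` added in this commit never includes it. If it were included, it would pull another application's database credentials into the runner play and print the whole Secret object through the `debug` task at verbosity 2. I would drop the file from this commit; if a lookup is needed later, the tasks that handle the secret should carry `no_log: true` and the `debug` task should go.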
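Review bot: The added `actions:` block in `gitea_default_values` sets `ENABLED: "true"` unconditionally, so Gitea Actions is switched on even when `gitea_act_runner_enabled` is false, and repository workflows then become something the instance will schedule onto any runner that registers. Tying the setting to the runner flag keeps the two in step, e.g. `ENABLED: "{{ gitea_act_runner_enabled | default(true) | string | lower }}"`; the `packages:` block could take a similar toggle of its own. `gitea_default_values` starts above the hunk and continues below it.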
@@ -133,11 +139,8 @@ gitea_ingress_nginx_default_values: 22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22" +gitea_dns_chart_ref: "ghp/external-dns" gitea_dns_default_values: - image: - registry: registry.0xace.cc - repository: ghp/external-dns - tag: v0.7.6-663-gf76382a5 fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}" ingressClass: "{{ gitea_ingress_class }}" domainFilters: ["{{ domain }}"] diff --git a/roles/gitea/tasks/main.yaml b/roles/gitea/tasks/main.yaml index fb8b01b..a8ba654 100644 --- a/roles/gitea/tasks/main.yaml +++ b/roles/gitea/tasks/main.yaml @@ -26,7 +26,7 @@ create_namespace: true release_namespace: "{{ gitea_ingress_nginx_namespace | default(namespace) }}" release_name: "{{ gitea_ingress_nginx_release_name | default(namespace + '-gitea-ingress-nginx') }}" - chart_ref: "{{ gitea_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}" + chart_ref: "{{ gitea_ingress_nginx_chart_ref }}" chart_version: "{{ gitea_ingress_nginx_version | default(omit) }}" release_values: "{{ gitea_ingress_nginx_combined_values | from_yaml }}" wait: true @@ -36,7 +36,7 @@ create_namespace: true release_namespace: "{{ gitea_dns_namespace | default(namespace) }}" release_name: "{{ gitea_dns_relase_name | default(namespace + '-gitea-internal-dns') }}" - chart_ref: "{{ gitea_dns_chart | default('ghp/external-dns') }}" + chart_ref: "{{ gitea_dns_chart_ref }}" chart_version: "{{ gitea_dns_version | default(omit) }}" release_values: "{{ gitea_dns_combined_values | from_yaml }}" wait: true @@ -47,7 +47,7 @@ create_namespace: true release_namespace: "{{ gitea_namespace | default(namespace) }}" release_name: "{{ gitea_release_name | default(namespace + '-gitea') }}" - chart_ref: "{{ gitea_chart | default('gitea-charts/gitea') }}" + chart_ref: "{{ gitea_chart_ref }}" chart_version: "{{ gitea_version | default(omit) }}" release_values: "{{ gitea_combined_values | from_yaml }}" #wait: true 
diff --git a/roles/harbor/defaults/main.yaml b/roles/harbor/defaults/main.yaml index 8084336..4af76dc 100644 --- a/roles/harbor/defaults/main.yaml +++ b/roles/harbor/defaults/main.yaml @@ -1,5 +1,6 @@ -harbor_enabled: true +harbor_enabled: false harbor_publish: false +harbor_chart_ref: "harbor/harbor" harbor_short_name: "harbor" harbor_use_external_db: true harbor_default_values: @@ -48,12 +49,6 @@ harbor_default_values: subPath: "" accessMode: "{{ harbor_registry_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}" size: "{{ harbor_registry_size | default('100Gi') }}" - chartmuseum: - existingClaim: "" - storageClass: "{{ harbor_charts_storage | default(harbor_storage) | default('nfs-ssd') }}" - subPath: "" - accessMode: "{{ harbor_charts_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}" - size: "{{ harbor_charts_size | default('50Gi') }}" jobservice: jobLog: existingClaim: "" @@ -86,9 +81,6 @@ harbor_default_values: imagePullPolicy: IfNotPresent - # The update strategy for deployments with persistent volumes(jobservice, registry - # and chartmuseum): "RollingUpdate" or "Recreate" - # Set it as "Recreate" when "RWM" for volumes isn't supported updateStrategy: type: RollingUpdate diff --git a/roles/harbor/tasks/main.yaml b/roles/harbor/tasks/main.yaml index e9be53b..1f7d65c 100644 --- a/roles/harbor/tasks/main.yaml +++ b/roles/harbor/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ harbor_namespace | default(namespace) }}" release_name: "{{ harbor_name | default('harbor') }}" - chart_ref: "{{ harbor_chart | default('harbor/harbor') }}" + chart_ref: "{{ harbor_chart_ref }}" chart_version: "{{ harbor_version | default(omit) }}" release_values: "{{ harbor_combined_values | from_yaml }}" wait: true diff --git a/roles/helm-repos/defaults/main.yaml b/roles/helm-repos/defaults/main.yaml index c23e4b5..55247d1 100644 --- a/roles/helm-repos/defaults/main.yaml 
+++ b/roles/helm-repos/defaults/main.yaml @@ -1,8 +1,7 @@ helm_repos: - - { name: 'ghp', url: 'https://registry.geekhome.org/chartrepo/ghp' } + - { name: 'ghp', url: 'https://git.geekhome.org' } - { name: 'jetstack', url: 'https://charts.jetstack.io' } - { name: 'bitnami', url: 'https://charts.bitnami.com/bitnami' } - - { name: 'drone', url: 'https://charts.drone.io' } - { name: 'ingress-nginx', url: 'https://kubernetes.github.io/ingress-nginx' } - { name: 'stable', url: 'https://charts.helm.sh/stable' } - { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' } @@ -11,4 +10,5 @@ helm_repos: - { name: 'harbor', url: 'https://helm.goharbor.io' } - { name: 'metallb', url: 'https://metallb.github.io/metallb' } - { name: 'nfs-subdir-external-provisioner', url: 'https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner' } + - { name: 'metrics-server', url: 'https://kubernetes-sigs.github.io/metrics-server/' } diff --git a/roles/internal-dns/defaults/main.yaml b/roles/internal-dns/defaults/main.yaml index b0e7317..a9c175b 100644 --- a/roles/internal-dns/defaults/main.yaml +++ b/roles/internal-dns/defaults/main.yaml @@ -1,8 +1,5 @@ +internal_dns_chart_ref: "ghp/external-dns" internal_dns_default_values: - image: - registry: registry.0xace.cc - repository: ghp/external-dns - tag: v0.7.6-663-gf76382a5 fullnameOverride: "{{ internal_dns_name | default(namespace + '-internal-dns') }}" ingressClass: "{{ internal_ingress_class }}" domainFilters: ["{{ internal_domain | default(domain) }}"] diff --git a/roles/internal-dns/tasks/main.yaml b/roles/internal-dns/tasks/main.yaml index 65124e3..f3f685c 100644 --- a/roles/internal-dns/tasks/main.yaml +++ b/roles/internal-dns/tasks/main.yaml 
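Review bot: The `ghp` entry in the first hunk now points at the bare host `https://git.geekhome.org`, and every `ghp/...` chart_ref introduced in this commit resolves through it, so this one URL decides where those charts are fetched from. A Helm repository URL has to be the path that serves `index.yaml`; for a Gitea package registry that is normally of the form `https://<host>/api/packages/<owner>/helm`, so the value is worth confirming against the server before merging. A short comment on the line, for instance `# Gitea package registry; must be the path serving index.yaml`, would make the expectation explicit. The `helm_repos` list continues between and after the two hunks.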
@@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ internal_dns_namespace | default(dns_namespace) | default(namespace) }}" release_name: "{{ internal_dns_name | default(namespace + '-internal-dns') }}" - chart_ref: "{{ internal_dns_chart | default('ghp/external-dns') }}" + chart_ref: "{{ internal_dns_chart_ref }}" chart_version: "{{ internal_dns_version | default(omit) }}" release_values: "{{ internal_dns_combined_values | from_yaml }}" wait: true diff --git a/roles/internal-ingress-nginx/defaults/main.yaml b/roles/internal-ingress-nginx/defaults/main.yaml index 111f7aa..57b6351 100644 --- a/roles/internal-ingress-nginx/defaults/main.yaml +++ b/roles/internal-ingress-nginx/defaults/main.yaml @@ -1,3 +1,4 @@ +internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx" internal_ingress_nginx_default_values: controller: publishService: diff --git a/roles/internal-ingress-nginx/tasks/main.yaml b/roles/internal-ingress-nginx/tasks/main.yaml index 1d6ac75..423d451 100644 --- a/roles/internal-ingress-nginx/tasks/main.yaml +++ b/roles/internal-ingress-nginx/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ internal_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}" release_name: "{{ internal_ingress_nginx_name | default(namespace + '-internal-ingress-nginx') }}" - chart_ref: "{{ internal_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}" + chart_ref: "{{ internal_ingress_nginx_chart_ref }}" chart_version: "{{ internal_ingress_nginx_version | default(omit) }}" release_values: "{{ internal_ingress_nginx_combined_values | from_yaml }}" wait: true diff --git a/roles/local-dns/defaults/main.yaml b/roles/local-dns/defaults/main.yaml index cdab1fc..6114deb 100644 --- a/roles/local-dns/defaults/main.yaml +++ b/roles/local-dns/defaults/main.yaml 
@@ -1,8 +1,5 @@ +local_dns_chart_ref: "ghp/external-dns" local_dns_default_values: - image: - registry: registry.0xace.cc - repository: ghp/external-dns - tag: v0.7.6-663-gf76382a5 fullnameOverride: "{{ local_dns_name | default(namespace + '-local-dns') }}" ingressClass: "{{ local_ingress_class }}" domainFilters: ["{{ local_domain }}"] diff --git a/roles/local-dns/tasks/main.yaml b/roles/local-dns/tasks/main.yaml index 4bfc130..1efac02 100644 --- a/roles/local-dns/tasks/main.yaml +++ b/roles/local-dns/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ local_dns_namespace | default(dns_namespace) | default(namespace) }}" release_name: "{{ local_dns_name | default(namespace + '-local-dns') }}" - chart_ref: "{{ local_dns_chart | default('ghp/external-dns') }}" + chart_ref: "{{ local_dns_chart_ref }}" chart_version: "{{ local_dns_version | default(omit) }}" release_values: "{{ local_dns_combined_values | from_yaml }}" wait: true diff --git a/roles/local-ingress-nginx/defaults/main.yaml b/roles/local-ingress-nginx/defaults/main.yaml index e34cf49..a07a31d 100644 --- a/roles/local-ingress-nginx/defaults/main.yaml +++ b/roles/local-ingress-nginx/defaults/main.yaml @@ -1,3 +1,4 @@ +local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx" local_ingress_nginx_default_values: controller: publishService: diff --git a/roles/local-ingress-nginx/tasks/main.yaml b/roles/local-ingress-nginx/tasks/main.yaml index 8d0ab84..cee3b07 100644 --- a/roles/local-ingress-nginx/tasks/main.yaml +++ b/roles/local-ingress-nginx/tasks/main.yaml 
@@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ local_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}" release_name: "{{ local_ingress_nginx_name | default(namespace + '-local-ingress-nginx') }}" - chart_ref: "{{ local_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}" + chart_ref: "{{ local_ingress_nginx_chart_ref }}" chart_version: "{{ local_ingress_nginx_version | default(omit) }}" release_values: "{{ local_ingress_nginx_combined_values | from_yaml }}" wait: true diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml index 98824f2..54250c3 100644 --- a/roles/mail/tasks/main.yaml +++ b/roles/mail/tasks/main.yaml @@ -46,18 +46,6 @@ name: dovecot tags: dovecot -- name: Deploy OpenDKIM - import_role: - name: opendkim - when: opendkim_enabled | default(false) - tags: opendkim - -- name: Deploy OpenDMARC - import_role: - name: opendmarc - when: opendmarc_enabled | default(false) - tags: opendmarc - - name: Deploy Rspamd import_role: name: rspamd diff --git a/roles/mastodon/defaults/main.yaml b/roles/mastodon/defaults/main.yaml index c05b26f..1fb6ef2 100644 --- a/roles/mastodon/defaults/main.yaml +++ b/roles/mastodon/defaults/main.yaml @@ -1,5 +1,6 @@ mastodon_enabled: false mastodon_publish: true +mastodon_chart_ref: "ghp/mastodon" mastodon_use_external_db: true mastodon_short_name: "mastodon" mastodon_enable_elasticsearch: true diff --git a/roles/mastodon/tasks/main.yaml b/roles/mastodon/tasks/main.yaml index baf8f77..0af7881 100644 --- a/roles/mastodon/tasks/main.yaml +++ b/roles/mastodon/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ mastodon_namespace | default(namespace) }}" release_name: "{{ mastodon_name | default('mastodon') }}" - chart_ref: "{{ mastodon_chart | default('ghp/mastodon') }}" + chart_ref: "{{ mastodon_chart_ref }}" chart_version: "{{ mastodon_version | default(omit) }}" release_values: "{{ mastodon_combined_values | from_yaml }}" 
diff --git a/roles/metallb/defaults/main.yaml b/roles/metallb/defaults/main.yaml index ffbf1bc..4ab062d 100644 --- a/roles/metallb/defaults/main.yaml +++ b/roles/metallb/defaults/main.yaml @@ -1,4 +1,5 @@ -strict_arp_for_metallb: true +metallb_chart_ref: "metallb/metallb" +metallb_strict_arp: true metallb_default_values: {} metallb_pool_name: "default" diff --git a/roles/metallb/tasks/main.yaml b/roles/metallb/tasks/main.yaml index eed9ced..2a769a6 100644 --- a/roles/metallb/tasks/main.yaml +++ b/roles/metallb/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ metallb_namespace | default('metallb-system') }}" release_name: "{{ metallb_name | default('metallb') }}" - chart_ref: "{{ metallb_chart | default('metallb/metallb') }}" + chart_ref: "{{ metallb_chart_ref }}" chart_version: "{{ metallb_version | default(omit) }}" release_values: "{{ metallb_combined_values | from_yaml }}" wait: true @@ -18,7 +18,7 @@ sed -e "s/strictARP: false/strictARP: true/" | \ kubectl diff -f - -n kube-system register: check_strict_arp - when: strict_arp_for_metallb + when: metallb_strict_arp changed_when: check_strict_arp.rc != 0 - name: Apply strict arp @@ -29,7 +29,7 @@ && kubectl -n kube-system delete pods --selector=k8s-app=kube-proxy when: - strict_arp_for_metallb - - check_strict_arp.changed + - metallb_strict_arp.changed - name: Apply MetalLB L2 definitions k8s: diff --git a/roles/metrics-server/defaults/main.yaml b/roles/metrics-server/defaults/main.yaml index c75e8c1..db5edee 100644 --- a/roles/metrics-server/defaults/main.yaml +++ b/roles/metrics-server/defaults/main.yaml @@ -1,6 +1,10 @@ metrics_server_enabled: true +metrics_server_chart_ref: "metrics-server/metrics-server" metrics_server_default_values: apiService: create: true - extraArgs: - kubelet-insecure-tls: true + args: + - --kubelet-insecure-tls=true + metrics: + enabled: true + 
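Review bot: In the third hunk of roles/metallb/tasks/main.yaml, the `when:` list of the "Apply strict arp" task now tests `metallb_strict_arp.changed`, but `metallb_strict_arp` is the boolean default from roles/metallb/defaults/main.yaml; the diff result is still registered as `check_strict_arp` in the hunk above. The rename appears to have landed on the wrong line: the context line `- strict_arp_for_metallb` keeps the old variable name that the defaults no longer define, and the registered result was replaced instead. As written, the condition refers to an undefined name or an attribute a boolean does not have, so the strictARP change is either skipped or fails the play. The list should read `- metallb_strict_arp` followed by `- check_strict_arp.changed`. The task starts outside the hunk.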
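Review bot: The default values in roles/metrics-server/defaults/main.yaml carry `--kubelet-insecure-tls=true` over to the new chart without comment, so metrics-server keeps accepting any kubelet serving certificate on every cluster deployed with this role. I would add a comment above `args:` such as `# Skips kubelet serving-cert verification; remove once kubelets present certificates signed by the cluster CA`. Ideally the flag would be driven by a variable, so that a hardened inventory can turn it off without replacing the whole `args` list.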
diff --git a/roles/metrics-server/tasks/main.yaml b/roles/metrics-server/tasks/main.yaml index 70fb029..8d8d186 100644 --- a/roles/metrics-server/tasks/main.yaml +++ b/roles/metrics-server/tasks/main.yaml @@ -6,6 +6,6 @@ create_namespace: true release_namespace: "{{ metrics_server_namespace | default('metrics-server') }}" release_name: "{{ metrics_server_name | default('metrics-server') }}" - chart_ref: "{{ metrics_server_chart | default('bitnami/metrics-server') }}" + chart_ref: "{{ metrics_server_chart_ref }}" chart_version: "{{ metrics_server_version | default(omit) }}" release_values: "{{ metrics_server_combined_values | from_yaml }}" diff --git a/roles/nextcloud/defaults/main.yaml b/roles/nextcloud/defaults/main.yaml index ba36cea..49a930c 100644 --- a/roles/nextcloud/defaults/main.yaml +++ b/roles/nextcloud/defaults/main.yaml @@ -1,5 +1,6 @@ nextcloud_enabled: true nextcloud_publish: false +nextcloud_chart_ref: "nextcloud/nextcloud" nextcloud_use_external_db: true nextcloud_short_name: "nextcloud" nextcloud_default_values: diff --git a/roles/nextcloud/tasks/main.yaml b/roles/nextcloud/tasks/main.yaml index 42d9c37..cff7d88 100644 --- a/roles/nextcloud/tasks/main.yaml +++ b/roles/nextcloud/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ nextcloud_namespace | default(namespace) }}" release_name: "{{ nextcloud_name | default('nextcloud') }}" - chart_ref: "{{ nextcloud_chart | default('nextcloud/nextcloud') }}" + chart_ref: "{{ nextcloud_chart_ref }}" chart_version: "{{ nextcloud_version | default(omit) }}" release_values: "{{ nextcloud_combined_values | from_yaml }}" wait: false diff --git a/roles/nfs-client-provisioner/defaults/main.yaml b/roles/nfs-client-provisioner/defaults/main.yaml index 6a1c04c..ad3e115 100644 --- a/roles/nfs-client-provisioner/defaults/main.yaml +++ b/roles/nfs-client-provisioner/defaults/main.yaml 
@@ -1,4 +1,5 @@ -nfs_client_provisioner_namespace: nfs-client-provisioner +nfs_client_provisioner_namespace: "nfs-client-provisioner" +nfs_client_provisioner_hdd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner" nfs_client_provisioner_hdd_default_values: replicaCount: 1 strategyType: Recreate @@ -34,6 +35,7 @@ nfs_client_provisioner_hdd_default_values: accessModes: ReadWriteMany +nfs_client_provisioner_ssd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner" nfs_client_provisioner_ssd_default_values: replicaCount: 1 strategyType: Recreate diff --git a/roles/nfs-client-provisioner/tasks/main.yaml b/roles/nfs-client-provisioner/tasks/main.yaml index bf7378f..42ee1ec 100644 --- a/roles/nfs-client-provisioner/tasks/main.yaml +++ b/roles/nfs-client-provisioner/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ nfs_client_provisioner_hdd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}" release_name: "{{ nfs_client_provisioner_hdd_name | default('nfs-client-provisioner-hdd') }}" - chart_ref: "{{ nfs_client_provisioner_hdd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}" + chart_ref: "{{ nfs_client_provisioner_hdd_chart_ref }}" chart_version: "{{ nfs_client_provisioner_hdd_version | default(omit) }}" release_values: "{{ nfs_client_provisioner_hdd_combined_values | from_yaml }}" wait: true 
@@ -19,7 +19,7 @@ create_namespace: true release_namespace: "{{ nfs_client_provisioner_ssd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}" release_name: "{{ nfs_client_provisioner_ssd_name | default('nfs-client-provisioner-ssd') }}" - chart_ref: "{{ nfs_client_provisioner_ssd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}" + chart_ref: "{{ nfs_client_provisioner_ssd_chart_ref }}" chart_version: "{{ nfs_client_provisioner_ssd_version | default(omit) }}" release_values: "{{ nfs_client_provisioner_ssd_combined_values | from_yaml }}" wait: true diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index 083e4e0..3928e94 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -1,16 +1,11 @@ harbor_readonly_ingress: false -registry_readonly_ingress: false wikijs_readonly_ingress: false -chartmuseum_readonly_ingress: false -registry_publish: false -chartmuseum_publish: false harbor_publish: false roundcube_publish: false nextcloud_publish: true bitwarden_publish: false gitea_publish_web: false gitea_publish_ssh: false -drone_publish: false wikijs_publish: false playmaker_publish: false pypiserver_publish: false diff --git a/roles/opendkim/defaults/main.yaml b/roles/opendkim/defaults/main.yaml deleted file mode 100644 index 0e27411..0000000 --- a/roles/opendkim/defaults/main.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -opendkim_short_name: "opendkim" -opendkim_default_values: - replicaCount: 1 - persistence: - enabled: false - existingClaim: mailboxes - opendkim: - image: - repository: "instrumentisto/opendkim" - tag: alpine - configmaps: - opendkim: | - PidFile /var/run/opendkim/opendkim.pid - Mode sv - Syslog yes - SyslogSuccess yes - LogWhy yes - UserID opendkim:opendkim - Socket inet:8891 - Umask 002 - SendReports yes - SoftwareHeader yes - Canonicalization relaxed/relaxed - Domain {{ domain }} - Selector default - MinimumKeyBits 1024 - KeyTable refile:/etc/opendkim/KeyTable - SigningTable refile:/etc/opendkim/SigningTable - ExternalIgnoreList refile:/etc/opendkim/TrustedHosts - InternalHosts refile:/etc/opendkim/TrustedHosts - OversignHeaders From - keytable: | - default._domainkey.{{ domain }} {{ domain }}:default:/etc/opendkim/keys/default.private - signingtable: | - *@{{ domain }} default._domainkey.{{ domain }} - trustedhosts: | - 127.0.0.1 - ::1 - *.{{ domain }} - default-private: | - {{ dkim_private_key_base64 | b64decode }} - default-public: | - {{ dkim_public_key_base64 | b64decode }} - service: - type: ClusterIP diff --git a/roles/opendkim/tasks/main.yaml b/roles/opendkim/tasks/main.yaml deleted file mode 100644 index b4b7288..0000000 --- a/roles/opendkim/tasks/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ -- set_fact: - opendkim_combined_values: "{{ opendkim_default_values | combine(opendkim_values, recursive=true) }}" - -- name: Deploy OpenDKIM - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ opendkim_namespace | default(mail_namespace) | default(namespace) }}" - release_name: "{{ opendkim_name | default('opendkim') }}" - chart_ref: "{{ opendkim_chart | default('ghp/opendkim') }}" - chart_version: "{{ opendkim_version | default(omit) }}" - release_values: "{{ opendkim_combined_values | from_yaml }}" - wait: true - 
diff --git a/roles/opendmarc/defaults/main.yaml b/roles/opendmarc/defaults/main.yaml deleted file mode 100644 index a1a60e9..0000000 --- a/roles/opendmarc/defaults/main.yaml +++ /dev/null @@ -1,25 +0,0 @@ -opendmarc_short_name: "opendmarc" -opendmarc_default_values: - replicaCount: 1 - persistence: - enabled: false - existingClaim: mailboxes - - opendmarc: - image: - repository: "instrumentisto/opendmarc" - tag: alpine - configmaps: - opendmarc: | - AuthservID {{ mail_short_name | default('mail') }}.{{ domain }} - Socket inet:8893 - SoftwareHeader true - IgnoreAuthenticatedClients true - SPFIgnoreResults false - SPFSelfValidate false - RequiredHeaders true - Syslog true - UserID opendmarc:mail - service: - type: ClusterIP - diff --git a/roles/opendmarc/tasks/main.yaml b/roles/opendmarc/tasks/main.yaml deleted file mode 100644 index e6f7b03..0000000 --- a/roles/opendmarc/tasks/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ -- set_fact: - opendmarc_combined_values: "{{ opendmarc_default_values | combine(opendmarc_values, recursive=true) }}" - -- name: Deploy OpenDMARC - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ opendmarc_namespace | default(mail_namespace) | default(namespace) }}" - release_name: "{{ opendmarc_name | default('opendmarc') }}" - chart_ref: "{{ opendmarc_chart | default('ghp/opendmarc') }}" - chart_version: "{{ opendmarc_version | default(omit) }}" - release_values: "{{ opendmarc_combined_values | from_yaml }}" - wait: true - diff --git a/roles/openldap/defaults/main.yaml b/roles/openldap/defaults/main.yaml index 0823485..d1f20e8 100644 --- a/roles/openldap/defaults/main.yaml +++ b/roles/openldap/defaults/main.yaml @@ -1,3 +1,4 @@ +openldap_chart_ref: "ghp/openldap" openldap_short_name: "openldap" openldap_default_values: replicaCount: 1 diff --git a/roles/openldap/tasks/main.yaml b/roles/openldap/tasks/main.yaml index bdf521b..71d7f92 100644 --- a/roles/openldap/tasks/main.yaml +++ b/roles/openldap/tasks/main.yaml 
@@ -38,7 +38,7 @@ create_namespace: true release_namespace: "{{ openldap_namespace | default(namespace) }}" release_name: "{{ openldap_name | default('openldap') }}" - chart_ref: "{{ openldap_chart | default('ghp/openldap') }}" + chart_ref: "{{ openldap_chart_ref }}" chart_version: "{{ openldap_version | default(omit) }}" release_values: "{{ openldap_combined_values | from_yaml }}" diff --git a/roles/peertube/defaults/main.yaml b/roles/peertube/defaults/main.yaml index 729fdad..a04906a 100644 --- a/roles/peertube/defaults/main.yaml +++ b/roles/peertube/defaults/main.yaml @@ -1,5 +1,6 @@ peertube_enabled: false peertube_publish: false +peertube_chart_ref: "ghp/peertube" peertube_use_external_db: true peertube_short_name: "peertube" peertube_default_values: diff --git a/roles/peertube/tasks/main.yaml b/roles/peertube/tasks/main.yaml index ca64415..57380a6 100644 --- a/roles/peertube/tasks/main.yaml +++ b/roles/peertube/tasks/main.yaml @@ -12,6 +12,6 @@ create_namespace: true release_namespace: "{{ peertube_namespace | default(namespace) }}" release_name: "{{ peertube_name | default('peertube') }}" - chart_ref: "{{ peertube_chart | default('ghp/peertube') }}" + chart_ref: "{{ peertube_chart_ref }}" chart_version: "{{ peertube_version | default(omit) }}" release_values: "{{ peertube_combined_values | from_yaml }}" diff --git a/roles/playmaker/defaults/main.yaml b/roles/playmaker/defaults/main.yaml index 5d5f507..3945d96 100644 --- a/roles/playmaker/defaults/main.yaml +++ b/roles/playmaker/defaults/main.yaml @@ -1,5 +1,6 @@ playmaker_enabled: true playmaker_publish: false +playmaker_chart_ref: "ghp/playmaker" playmaker_short_name: "playmaker" playmaker_default_values: replicaCount: 1 diff --git a/roles/playmaker/tasks/main.yaml b/roles/playmaker/tasks/main.yaml index f61c3c6..9694010 100644 --- a/roles/playmaker/tasks/main.yaml +++ b/roles/playmaker/tasks/main.yaml 
@@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ playmaker_namespace | default(namespace) }}" release_name: "{{ playmaker_name | default('playmaker') }}" - chart_ref: "{{ playmaker_chart | default('ghp/playmaker') }}" + chart_ref: "{{ playmaker_chart_ref }}" chart_version: "{{ playmaker_version | default(omit) }}" release_values: "{{ playmaker_combined_values | from_yaml }}" wait: true diff --git a/roles/postfix/defaults/main.yaml b/roles/postfix/defaults/main.yaml index b68cc1d..9df1f36 100644 --- a/roles/postfix/defaults/main.yaml +++ b/roles/postfix/defaults/main.yaml @@ -1,3 +1,4 @@ +postfix_chart_ref: "ghp/postfix" postfix_short_name: "postfix" postfix_default_values: replicaCount: 1 diff --git a/roles/postfix/tasks/main.yaml b/roles/postfix/tasks/main.yaml index 661c330..20cd4fd 100644 --- a/roles/postfix/tasks/main.yaml +++ b/roles/postfix/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ postfix_namespace | default(mail_namespace) | default(namespace) }}" release_name: "{{ postfix_name | default('postfix') }}" - chart_ref: "{{ postfix_chart | default('ghp/postfix') }}" + chart_ref: "{{ postfix_chart_ref }}" chart_version: "{{ postfix_version | default(omit) }}" release_values: "{{ postfix_combined_values | from_yaml }}" wait: true diff --git a/roles/postgres/defaults/main.yaml b/roles/postgres/defaults/main.yaml index 726bb29..a9d51df 100644 --- a/roles/postgres/defaults/main.yaml +++ b/roles/postgres/defaults/main.yaml @@ -49,7 +49,6 @@ postgres_db_definitions: size: "{{ postgres_size | default('10Gi') }}" users: gitea: [] - drone: [] bitwarden: [] wikijs: [] nextcloud: [] @@ -58,7 +57,6 @@ postgres_db_definitions: mastodon: [] databases: gitea: gitea - drone: drone bitwarden: bitwarden wikijs: wikijs nextcloud: nextcloud diff --git a/roles/postgres/tasks/main.yaml b/roles/postgres/tasks/main.yaml index b40932e..353f741 100644 --- a/roles/postgres/tasks/main.yaml +++ b/roles/postgres/tasks/main.yaml 
@@ -45,12 +45,12 @@ - set_fact: postgres_operator_combined_values: "{{ postgres_operator_default_values | combine(postgres_operator_values, recursive=true) }}" -- name: Deploy Postgres-operator +- name: Deploy Postgres Operator kubernetes.core.helm: create_namespace: true release_namespace: "{{ postgres_operator_namespace | default(namespace) }}" release_name: "{{ postgres_operator_name | default('postgres-operator') }}" - chart_ref: "{{ postgres_operator_chart | default('ghp/postgres-operator') }}" + chart_ref: "{{ postgres_operator_chart_ref }}" chart_version: "{{ postgres_operator_version | default(omit) }}" release_values: "{{ postgres_operator_combined_values | from_yaml }}" wait: true @@ -58,12 +58,12 @@ - set_fact: postgres_operator_ui_combined_values: "{{ postgres_operator_ui_default_values | combine(postgres_operator_ui_values, recursive=true) }}" -- name: Deploy Postgres-operator UI +- name: Deploy Postgres Operator UI kubernetes.core.helm: create_namespace: true release_namespace: "{{ postgres_operator_ui_namespace | default(postgres_operator_namespace) | default(namespace) }}" release_name: "{{ postgres_operator_ui_name | default('postgres-operator-ui') }}" - chart_ref: "{{ postgres_operator_ui_chart | default('ghp/postgres-operator-ui') }}" + chart_ref: "{{ postgres_operator_ui_chart_ref }}" chart_version: "{{ postgres_operator_ui_version | default(omit) }}" release_values: "{{ postgres_operator_ui_combined_values | from_yaml }}" wait: true diff --git a/roles/pwgen/defaults/main.yaml b/roles/pwgen/defaults/main.yaml index 9a5c05b..91b90a4 100644 --- a/roles/pwgen/defaults/main.yaml +++ b/roles/pwgen/defaults/main.yaml @@ -8,8 +8,6 @@ default_accounts: - { name: gitea_admin } - { name: gitea_ldap } - { name: wikijs_ldap } - - { name: drone_admin } - - { name: chartmuseum_admin } - { name: peertube_ldap } - { name: peertube_admin } - { name: mastodon_admin } 
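Review bot: `chart_ref: "{{ postgres_operator_chart_ref }}"` and `chart_ref: "{{ postgres_operator_ui_chart_ref }}"` in roles/postgres/tasks/main.yaml no longer have an inline default, and the roles/postgres/defaults/main.yaml hunks in this commit only remove the drone user and database. Unlike every other role touched here, no `*_chart_ref` default is added for postgres. Unless these variables are defined somewhere not visible on this page, both Helm tasks will fail on an undefined variable. Add `postgres_operator_chart_ref: "ghp/postgres-operator"` and `postgres_operator_ui_chart_ref: "ghp/postgres-operator-ui"` to the role defaults, matching the values of the removed inline defaults.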
diff --git a/roles/pwgen/tasks/main.yaml b/roles/pwgen/tasks/main.yaml index ae7dafa..5816851 100644 --- a/roles/pwgen/tasks/main.yaml +++ b/roles/pwgen/tasks/main.yaml @@ -25,36 +25,6 @@ loop: "{{ openldap_simple_users }}" when: openldap_simple_users is defined -- name: Test if Drone rpc secret exists in file for {{ item }} - shell: grep -c "drone_rpc_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: rpc_secret_test_grep - -- name: Test if Drone database secret exists in file for {{ item }} - shell: grep -c "drone_database_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: database_secret_test_grep - -- name: Create Drone rpc secret for {{ item }} - shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-128};echo;" - register: rpc_secret - when: rpc_secret_test_grep.stdout == '0' - -- name: Create Drone database secret for {{ item }} - shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-32};echo;" - register: db_secret - when: database_secret_test_grep.stdout == '0' - -- name: Write Drone rpc secret for {{ item }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "drone_rpc_secret: \"{{ rpc_secret.stdout }}\"" - when: rpc_secret_test_grep.stdout == '0' - -- name: Write Drone database secret for {{ item }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "drone_database_secret: \"{{ db_secret.stdout }}\"" - when: database_secret_test_grep.stdout == '0' - - include_tasks: tsig.yaml - include_tasks: dkim.yaml diff --git a/roles/pypiserver/defaults/main.yaml b/roles/pypiserver/defaults/main.yaml index 70e2e17..8fbe0ca 100644 --- a/roles/pypiserver/defaults/main.yaml +++ b/roles/pypiserver/defaults/main.yaml @@ -1,5 +1,6 @@ pypiserver_enabled: true pypiserver_publish: false +pypiserver_chart_ref: "ghp/pypiserver" pypiserver_short_name: "pip" pypiserver_default_values: ## If you want more than 1 replica you will have to use a ReadWriteMany volume 
diff --git a/roles/pypiserver/tasks/main.yaml b/roles/pypiserver/tasks/main.yaml index 3570a0f..d079b66 100644 --- a/roles/pypiserver/tasks/main.yaml +++ b/roles/pypiserver/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ pypiserver_namespace | default(namespace) }}" release_name: "{{ pypiserver_name | default('pypiserver') }}" - chart_ref: "{{ pypiserver_chart | default('ghp/pypiserver') }}" + chart_ref: "{{ pypiserver_chart_ref }}" chart_version: "{{ pypiserver_version | default(omit) }}" release_values: "{{ pypiserver_combined_values | from_yaml }}" wait: true diff --git a/roles/registry/defaults/main.yaml b/roles/registry/defaults/main.yaml deleted file mode 100644 index a064c29..0000000 --- a/roles/registry/defaults/main.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -registry_enabled: true -registry_publish: false -registry_short_name: "registry" -registry_default_values: - service: - type: ClusterIP - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if registry_publish else internal_ingress_class }}" - cert-manager.io/cluster-issuer: "letsencrypt-prod" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - hosts: - - "{{ registry_short_name }}.{{ domain }}" - tls: - - secretName: "{{ registry_short_name }}.{{ domain }}-tls" - hosts: - - "{{ registry_short_name }}.{{ domain }}" - persistence: - enabled: true - storageClass: "{{ registry_storage | default('nfs-hdd') }}" - size: "{{ registry_size | default('15Gi') }}" - accessMode: "{{ registry_storage_mode | default('ReadWriteMany') }}" - -registry_readonly_ingress_definition: | - apiVersion: extensions/v1beta1 - kind: Ingress - metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class }}" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - nginx.ingress.kubernetes.io/configuration-snippet: |- - limit_except GET { - deny all; - } - name: docker-registry-public - namespace: "{{ registry_namespace | default(namespace) }}" - spec: - rules: - - host: "{{ registry_readonly_ingress }}" - http: - paths: - - backend: - serviceName: docker-registry - servicePort: 5000 - path: / - tls: - - hosts: - - "{{ registry_readonly_ingress }}" - secretName: "{{ registry_readonly_ingress }}-tls" - diff --git a/roles/registry/tasks/main.yaml b/roles/registry/tasks/main.yaml deleted file mode 100644 index cfad43e..0000000 --- a/roles/registry/tasks/main.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -- set_fact: - registry_combined_values: "{{ registry_default_values | combine(registry_values, recursive=true) }}" - -- name: Deploy Docker registry - kubernetes.core.helm: - create_namespace: true - release_namespace: "{{ registry_namespace | default(namespace) }}" - release_name: "{{ registry_name | default('docker-registry') }}" - chart_ref: "{{ registry_chart | default('ghp/docker-registry') }}" - chart_version: "{{ registry_version | default(omit) }}" - release_values: "{{ registry_combined_values | from_yaml }}" - wait: true - -- name: Deploy readonly public ingress for Docker registry - when: registry_readonly_ingress is defined - k8s: - state: present - definition: - "{{ registry_readonly_ingress_definition }}" diff --git a/roles/roundcube/defaults/main.yaml b/roles/roundcube/defaults/main.yaml index eff55ff..02587ca 100644 --- a/roles/roundcube/defaults/main.yaml +++ b/roles/roundcube/defaults/main.yaml @@ -1,5 +1,6 @@ roundcube_enabled: true roundcube_publish: false +roundcube_chart_ref: "ghp/roundcube" roundcube_use_external_db: true roundcube_short_name: "webmail" roundcube_default_values: diff --git a/roles/roundcube/tasks/main.yaml b/roles/roundcube/tasks/main.yaml index 6ea5ae6..cbc4395 100644 --- a/roles/roundcube/tasks/main.yaml +++ b/roles/roundcube/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ roundcube_namespace | default(mail_namespace) | default(namespace) }}" release_name: "{{ roundcube_name | default('roundcube') }}" - chart_ref: "{{ roundcube_chart | default('ghp/roundcube') }}" + chart_ref: "{{ roundcube_chart_ref }}" chart_version: "{{ roundcube_version | default(omit) }}" release_values: "{{ roundcube_combined_values | from_yaml }}" wait: true diff --git a/roles/rspamd/defaults/main.yaml b/roles/rspamd/defaults/main.yaml index c6b6413..d74612a 100644 --- a/roles/rspamd/defaults/main.yaml +++ b/roles/rspamd/defaults/main.yaml 
@@ -1,4 +1,5 @@ rspamd_enabled: true +rspamd_chart_ref: "ghp/rspamd" rspamd_short_name: "rspamd" rspamd_default_values: replicaCount: 1 diff --git a/roles/rspamd/tasks/main.yaml b/roles/rspamd/tasks/main.yaml index a2d299e..c26ba97 100644 --- a/roles/rspamd/tasks/main.yaml +++ b/roles/rspamd/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ rspamd_namespace | default(mail_namespace) | default(namespace) }}" release_name: "{{ rspamd_name | default('rspamd') }}" - chart_ref: "{{ rspamd_chart | default('ghp/rspamd') }}" + chart_ref: "{{ rspamd_chart_ref }}" chart_version: "{{ rspamd_version | default(omit) }}" release_values: "{{ rspamd_combined_values | from_yaml }}" wait: true diff --git a/roles/service-dns/defaults/main.yaml b/roles/service-dns/defaults/main.yaml index 573f749..b0c365d 100644 --- a/roles/service-dns/defaults/main.yaml +++ b/roles/service-dns/defaults/main.yaml @@ -1,8 +1,5 @@ +service_dns_chart_ref: "ghp/external-dns" service_dns_default_values: - image: - registry: registry.0xace.cc - repository: ghp/external-dns - tag: v0.7.6-663-gf76382a5 fullnameOverride: "{{ service_dns_name | default(namespace + '-service-dns') }}" domainFilters: ["{{ service_domain | default(domain) }}"] sources: ['service'] diff --git a/roles/service-dns/tasks/main.yaml b/roles/service-dns/tasks/main.yaml index 498cbb3..5c4beba 100644 --- a/roles/service-dns/tasks/main.yaml +++ b/roles/service-dns/tasks/main.yaml @@ -6,7 +6,7 @@ create_namespace: true release_namespace: "{{ service_dns_namespace | default(dns_namespace) | default(namespace) }}" release_name: "{{ service_dns_name | default(namespace + '-service-dns') }}" - chart_ref: "{{ service_dns_chart | default('ghp/external-dns') }}" + chart_ref: "{{ service_dns_chart_ref }}" chart_version: "{{ service_dns_version | default(omit) }}" release_values: "{{ service_dns_combined_values | from_yaml }}" wait: true 
diff --git a/roles/wikijs/defaults/main.yaml b/roles/wikijs/defaults/main.yaml index dc81773..8a49d7e 100644 --- a/roles/wikijs/defaults/main.yaml +++ b/roles/wikijs/defaults/main.yaml @@ -1,5 +1,6 @@ wikijs_enabled: true wikijs_publish: false +wikijs_chart_ref: "ghp/wikijs" wikijs_use_external_db: true wikijs_short_name: "wikijs" wikijs_default_values: diff --git a/roles/wikijs/tasks/main.yaml b/roles/wikijs/tasks/main.yaml index 316f10c..6b5311d 100644 --- a/roles/wikijs/tasks/main.yaml +++ b/roles/wikijs/tasks/main.yaml @@ -12,7 +12,7 @@ create_namespace: true release_namespace: "{{ wikijs_namespace | default(namespace) }}" release_name: "{{ wikijs_name | default('wikijs') }}" - chart_ref: "{{ wikijs_chart | default('ghp/wikijs') }}" + chart_ref: "{{ wikijs_chart_ref }}" chart_version: "{{ wikijs_version | default(omit) }}" release_values: "{{ wikijs_combined_values | from_yaml }}" wait: true