diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index fee32c03..c904d991 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: - id: trailing-whitespace exclude: '.*\.age$' - id: check-yaml - exclude: "^(?:atils/templates|kubernetes/helm-charts)/.*$" + exclude: "^(?:atils/templates|kubernetes/helm-charts|kubernetes/argocd/applications)/.*$" - id: check-added-large-files args: ["--maxkb=5000"] - id: check-executables-have-shebangs diff --git a/kubernetes/argocd/applications/templates/crafty-server.yaml b/kubernetes/argocd/applications/templates/crafty-server.yaml new file mode 100644 index 00000000..49215c50 --- /dev/null +++ b/kubernetes/argocd/applications/templates/crafty-server.yaml @@ -0,0 +1,31 @@ +{{ if index .Values "crafty-server" "enabled" }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: crafty-server + namespace: argocd +spec: + project: default + sources: + - repoURL: tccr.io/truecharts + path: crafty-4 + chart: crafty-4 + targetRevision: {{ index .Values "crafty-server" "version" }} + {{- if index .Values "crafty-server" "configuration" "enabled" }} + helm: + valueFiles: + - "$values/{{ .Values.configuration.configurationDirectory }}/{{ .Values.env }}/crafty-server.yaml" + - repoURL: {{ .Values.configuration.configurationRepo }} + targetRevision: {{ .Values.gitRevision }} + ref: values + {{- end }} + destination: + server: 'https://kubernetes.default.svc' + namespace: crafty + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true +{{end}} diff --git a/kubernetes/argocd/applications/values.yaml b/kubernetes/argocd/applications/values.yaml index 30c37da4..5aff24dc 100644 --- a/kubernetes/argocd/applications/values.yaml +++ b/kubernetes/argocd/applications/values.yaml @@ -1,3 +1,4 @@ +# Global config env: qa-cluster gitRevision: master 
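Review bot: In `templates/crafty-server.yaml` the Application is placed in `project: default` while it syncs a third-party chart from `tccr.io/truecharts` with `automated` sync, `prune: true` and `selfHeal: true`, so nothing in this manifest limits which repositories or namespaces it may use (unless the default project has been tightened elsewhere). A dedicated AppProject whose `sourceRepos` lists only the chart registry and the configuration repo, and whose `destinations` lists only the `crafty` namespace, would confine a bad chart release; the change here would be `project: crafty` (placeholder name). Separately, the values source uses `targetRevision: {{ .Values.gitRevision }}` although the values files also define `configuration.configurationRevision`; if that key is meant to pin the configuration repo, reference it here. Quoting the templated revisions, e.g. `targetRevision: "{{ .Values.gitRevision }}"`, keeps an empty value from rendering as null.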
@@ -7,6 +8,14 @@ configuration: configurationDirectory: kubernetes/argocd/configuration-data configurationRevision: master +# Service-specific config + +crafty-server: + enabled: false + configuration: + enabled: false + version: "9.2.2" + flaresolverr: enabled: false configuration: diff --git a/kubernetes/argocd/configuration-data/prod-cluster/crafty-server.yaml b/kubernetes/argocd/configuration-data/prod-cluster/crafty-server.yaml new file mode 100644 index 00000000..b64ab2df --- /dev/null +++ b/kubernetes/argocd/configuration-data/prod-cluster/crafty-server.yaml @@ -0,0 +1,36 @@ +persistence: + servers: + enabled: true + size: 5Gi + mountPath: /crafty/servers + logs: + enabled: true + size: 5Gi + mountPath: /crafty/logs + import: + enabled: true + size: 5Gi + mountPath: /crafty/import + backups: + enabled: true + size: 5Gi + mountPath: /crafty/backups + config: + enabled: true + size: 5Gi + mountPath: /crafty/app/config + +portal: + open: + enabled: true + +service: + minecraft: + type: NodePort + enabled: true + ports: + minecraft: + enabled: true + port: 25565 + targetPort: 25565 + nodePort: 30002 diff --git a/kubernetes/argocd/configuration-data/prod-cluster/grafana-loki.yaml b/kubernetes/argocd/configuration-data/prod-cluster/grafana-loki.yaml deleted file mode 100644 index 2577eb51..00000000 --- a/kubernetes/argocd/configuration-data/prod-cluster/grafana-loki.yaml +++ /dev/null @@ -1,18 +0,0 @@ -loki: - auth_enabled: false - -minio: - enabled: true - -backend: - replicas: 2 - -gateway: - autoscaling: - maxReplicas: 2 - -write: - replicas: 2 - -read: - replicas: 2 diff --git a/kubernetes/argocd/configuration-data/prod-cluster/hashi-vault.yaml b/kubernetes/argocd/configuration-data/prod-cluster/hashi-vault.yaml deleted file mode 100644 index ef22cb9f..00000000 --- a/kubernetes/argocd/configuration-data/prod-cluster/hashi-vault.yaml +++ /dev/null 
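Review bot: In `prod-cluster/crafty-server.yaml` the `minecraft` service is published as `type: NodePort` with `nodePort: 30002`, which opens the game port on every node address rather than on one controlled entry point, and the file does not say which networks are expected to reach it. Record the intended exposure next to the setting, for example `# NodePort 30002 is reachable on every node IP; keep the node firewall limited to the LAN`, and confirm the node firewall matches that statement. If the chart supports a LoadBalancer service with source ranges, that would be the narrower option; whether it does is not visible from this diff.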
@@ -1,18 +0,0 @@
-server:
- standalone:
- config: |
- ui = true
- listener "tcp" {
- tls_disable = 1
- address = "[::]:8200"
- cluster_address = "[::]:8201"
- # Enable unauthenticated metrics access (necessary for Prometheus Operator)
- telemetry {
- unauthenticated_metrics_access = "true"
- }
- }
- storage "file" {
- path = "/vault/data"
- }
- dev:
- enabled: true
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/kiali.yaml b/kubernetes/argocd/configuration-data/prod-cluster/kiali.yaml
deleted file mode 100644
index 505173ce..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/kiali.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-cr:
- create: true
- namespace: istio-system
- spec:
- deployment:
- server:
- web_root: /kiali
- external_services:
- prometheus:
- url: http://prometheus-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/longhorn.yaml b/kubernetes/argocd/configuration-data/prod-cluster/longhorn.yaml
deleted file mode 100644
index 6faecea4..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/longhorn.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-defaultSettings:
- defaultDataPath: /longhorn
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/master-stack.yaml b/kubernetes/argocd/configuration-data/prod-cluster/master-stack.yaml
index 000598c9..479539ca 100644
--- a/kubernetes/argocd/configuration-data/prod-cluster/master-stack.yaml
+++ b/kubernetes/argocd/configuration-data/prod-cluster/master-stack.yaml
@@ -1,88 +1,14 @@ env: prod-cluster -gitRevision: feat/jellyseerr +gitRevision: master configuration: configurationRepo: https://github.com/AidanHilt/PersonalMonorepo configurationDirectory: kubernetes/argocd/configuration-data configurationRevision: master -flaresolverr: - enabled: false - configuration: - enabled: false - -gateways: - enabled: false - -grafana-dashboards: - enabled: false - -grafana-datasources: - enabled: false - -grafana-loki: - enabled: false - configuration: - enabled: true - version: "5.47.1" - -grafana-promtail: - enabled: false - configuration: - enabled: false - version: "6.15.5" - -hashi-vault: - enabled: false - configuration: - enabled: true - version: "0.27.0" - -ingress: - enabled: false - -istio: - enabled: false - configuration: - enabled: false - version: "1.21.0" - -istio-base: - enabled: false - configuration: - enabled: false - version: "1.21.0" - -istio-gateway: - enabled: false - configuration: - enabled: false - version: "1.21.0" - -kiali: - enabled: false - configuration: - enabled: true - version: "1.81.0" - -longhorn: - enabled: false - configuration: - enabled: true - version: "1.6.0" - -metallb: - enabled: false - configuration: - enabled: false - version: "0.14.3" - -metallb-config: - enabled: false - -prometheus: - enabled: false +crafty-server: + enabled: true configuration: enabled: true @@ -90,28 +16,3 @@ jellyseerr: enabled: true configuration: enabled: true - -prowlarr: - enabled: false - configuration: - enabled: true - -radarr: - enabled: false - configuration: - enabled: true - -sonarr: - enabled: false - configuration: - enabled: true - -transmission: - enabled: false - configuration: - enabled: true - -video-stack-configuration: - enabled: false - configuration: - enabled: false diff --git a/kubernetes/argocd/configuration-data/prod-cluster/prometheus.yaml b/kubernetes/argocd/configuration-data/prod-cluster/prometheus.yaml deleted file mode 100644 index d37708c7..00000000 
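Review bot: After this change `prod-cluster/master-stack.yaml` carries stanzas for `crafty-server` and `jellyseerr` only, so every other template's `index .Values "<app>" "enabled"` lookup depends on the chart's own `values.yaml` supplying a default stanza; the part of `applications/values.yaml` visible in this commit shows defaults for `crafty-server` and `flaresolverr` only. Assuming the other templates use the same guard as `crafty-server.yaml`, a missing default makes `index` fail the whole render instead of evaluating to false. Run `helm template` against this file before merging, and consider a header comment such as `# apps not listed here fall back to the defaults in applications/values.yaml`.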
--- a/kubernetes/argocd/configuration-data/prod-cluster/prometheus.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-grafana:
- grafana.ini:
- server:
- protocol: http
- root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
- serve_from_sub_path: true
-prometheus:
- prometheusSpec:
- serviceMonitorSelectorNilUsesHelmValues: false
-# It looks like we need a different setup if we're using istio vs ingress. Use this when
-# making values for the other envs
-# {{ if ne .Values.env "dev-laptop" }}
-# env:
-# GF_SERVER_ROOT_URL: '%(protocol)s://%(domain)s:%(http_port)s/grafana/'
-# GF_SERVE_FROM_SUB_PATH: false
-# {{ end }}
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/prowlarr.yaml b/kubernetes/argocd/configuration-data/prod-cluster/prowlarr.yaml
deleted file mode 100644
index 1b6c91e7..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/prowlarr.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-prowlarr:
- urlBase: prowlarr
- metrics:
- enabled: true
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/radarr.yaml b/kubernetes/argocd/configuration-data/prod-cluster/radarr.yaml
deleted file mode 100644
index 63705e02..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/radarr.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-radarr:
- urlBase: radarr
- metrics:
- enabled: true
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/sonarr.yaml b/kubernetes/argocd/configuration-data/prod-cluster/sonarr.yaml
deleted file mode 100644
index bb6b17c0..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/sonarr.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-sonarr:
- urlBase: sonarr
- metrics:
- enabled: true
diff --git a/kubernetes/argocd/configuration-data/prod-cluster/transmission.yaml b/kubernetes/argocd/configuration-data/prod-cluster/transmission.yaml
deleted file mode 100644
index fc24f92f..00000000
--- a/kubernetes/argocd/configuration-data/prod-cluster/transmission.yaml
+++ /dev/null
@@ -1,6 +0,0 @@ -transmission: - alternateUi: - enabled: true - -env: - TRANSMISSION_WEB_HOME: /custom/flood-for-transmission diff --git a/kubernetes/argocd/configuration-data/qa-cluster/crafty-server.yaml b/kubernetes/argocd/configuration-data/qa-cluster/crafty-server.yaml new file mode 100644 index 00000000..d8a610d4 --- /dev/null +++ b/kubernetes/argocd/configuration-data/qa-cluster/crafty-server.yaml @@ -0,0 +1,20 @@ +persistence: + # config: + # enabled: true + # mountPath: /crafty/app/config + # servers: + # enabled: true + # mountPath: /crafty/servers + # logs: + # enabled: true + # mountPath: /crafty/logs + # import: + # enabled: true + # mountPath: /crafty/import + # backups: + # enabled: true + # mountPath: /crafty/backups + config: + enabled: true + size: 10Gi + mountPath: /crafty diff --git a/kubernetes/argocd/configuration-data/qa-cluster/master-stack.yaml b/kubernetes/argocd/configuration-data/qa-cluster/master-stack.yaml index 4fa9933c..18152896 100644 --- a/kubernetes/argocd/configuration-data/qa-cluster/master-stack.yaml +++ b/kubernetes/argocd/configuration-data/qa-cluster/master-stack.yaml @@ -1,14 +1,19 @@ env: qa-cluster -gitRevision: feat/jellyseerr +gitRevision: feat/crafty-server configuration: configurationRepo: https://github.com/AidanHilt/PersonalMonorepo configurationDirectory: kubernetes/argocd/configuration-data - configurationRevision: feat/jellyseerr + configurationRevision: feat/crafty-server -flaresolverr: +crafty-server: enabled: true + configuration: + enabled: true + +flaresolverr: + enabled: false configuration: enabled: false @@ -23,7 +28,7 @@ grafana-promtail: enabled: false hashi-vault: - enabled: true + enabled: false configuration: enabled: true 
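Review bot: Most of `qa-cluster/crafty-server.yaml` is a commented-out copy of the per-directory persistence layout, and nothing explains why QA instead mounts a single 10Gi volume at `/crafty`. As written, QA does not exercise the mount layout prod uses (`/crafty/servers`, `/crafty/backups` and the rest), so a persistence problem in prod would not show up here first. Either delete the dead block or put a one-line reason above it in the author's own words, along the lines of `# QA keeps everything on one volume; per-directory mounts are prod-only`.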
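Review bot: `gitRevision` and `configurationRevision` in `qa-cluster/master-stack.yaml` now point QA at `feat/crafty-server`, a branch that presumably goes away once this work is merged; the values being replaced (`feat/jellyseerr`) suggest the previous feature branch was left in place the same way. For Applications with automated sync, such as the one added in this commit, whoever can push to that branch decides what QA deploys, and once the branch is deleted the revision no longer resolves. Resetting both keys to `master` in the merge commit, or at least adding `# temporary: reset to master after merge`, would avoid the stale reference.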
@@ -45,27 +50,27 @@ prometheus: enabled: true prowlarr: - enabled: true + enabled: false configuration: enabled: true radarr: - enabled: true + enabled: false configuration: enabled: true sonarr: - enabled: true + enabled: false configuration: enabled: true transmission: - enabled: true + enabled: false configuration: enabled: true video-stack-configuration: - enabled: true + enabled: false configuration: enabled: true @@ -80,12 +85,12 @@ istio-base: enabled: false jellyfin: - enabled: true + enabled: false configuration: enabled: true jellyseerr: - enabled: true + enabled: false configuration: enabled: true @@ -95,4 +100,4 @@ kiali: enabled: true service-monitors: - enabled: true + enabled: false diff --git a/kubernetes/argocd/values.yaml b/kubernetes/argocd/values.yaml index 2e1d60d1..53f4a02c 100644 --- a/kubernetes/argocd/values.yaml +++ b/kubernetes/argocd/values.yaml @@ -2,6 +2,19 @@ ## Ref: https://github.com/argoproj/argo-cd ## extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + labels: + argocd.argoproj.io/secret-type: repository + name: truecharts + namespace: argocd + stringData: + url: tccr.io/truecharts + name: truecharts + type: helm + enableOCI: "true" + - apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/helm-charts/minecraft/.atils_buildconfig.json b/kubernetes/helm-charts/minecraft/.atils_buildconfig.json deleted file mode 100644 index a8b2e27e..00000000 --- a/kubernetes/helm-charts/minecraft/.atils_buildconfig.json +++ /dev/null 
@@ -1,37 +0,0 @@
-{
- "actions": [
- {
- "name": "validate-buildconfig",
- "command": "check-jsonschema .atils_buildconfig.json --schemafile ../../../json-schemas/atils_buildconfig.json",
- "order": 0
- },
- {
- "name": "lint",
- "command": "helm lint",
- "order": 2
- },
- {
- "name": "update-dependencies",
- "command": "helm dependency update",
- "order": 1
- }
- ],
- "action_sets": [
- {
- "name": "validate",
- "actions": [
- "validate-buildconfig",
- "lint"
- ]
- },
- {
- "name": "ci-build-publish",
- "actions": [
- "lint",
- "update-dependencies",
- "build",
- "push"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/kubernetes/helm-charts/minecraft/.helmignore b/kubernetes/helm-charts/minecraft/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/kubernetes/helm-charts/minecraft/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kubernetes/helm-charts/minecraft/Chart.yaml b/kubernetes/helm-charts/minecraft/Chart.yaml
deleted file mode 100644
index 1b3a1b07..00000000
--- a/kubernetes/helm-charts/minecraft/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: minecraft
-description: A Helm chart to deploy minecraft. Needs some work
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/kubernetes/helm-charts/minecraft/templates/NOTES.txt b/kubernetes/helm-charts/minecraft/templates/NOTES.txt
deleted file mode 100644
index e69de29b..00000000
diff --git a/kubernetes/helm-charts/minecraft/templates/_helpers.tpl b/kubernetes/helm-charts/minecraft/templates/_helpers.tpl
deleted file mode 100644
index 915a9c91..00000000
--- a/kubernetes/helm-charts/minecraft/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "minecraft.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "minecraft.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "minecraft.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "minecraft.labels" -}} -helm.sh/chart: {{ include "minecraft.chart" . }} -{{ include "minecraft.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "minecraft.selectorLabels" -}} -app.kubernetes.io/name: {{ include "minecraft.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "minecraft.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "minecraft.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/kubernetes/helm-charts/minecraft/templates/minecraft-pvcs.yaml b/kubernetes/helm-charts/minecraft/templates/minecraft-pvcs.yaml deleted file mode 100644 index b4a025e7..00000000 --- a/kubernetes/helm-charts/minecraft/templates/minecraft-pvcs.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: minecraft-volume -spec: - storageClassName: manual - capacity: - storage: 20Gi - accessModes: - - ReadWriteMany - hostPath: - path: "{{ .Values.minecraftPath }}" ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: minecraft-pvc -spec: - storageClassName: manual - volumeName: minecraft-volume - accessModes: - - ReadWriteMany - resources: - requests: - storage: 20Gi - ---- - -{{ if .Values.backups.enabled }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: backup-volume -spec: - storageClassName: manual - capacity: - storage: 20Gi - accessModes: - - ReadWriteMany - hostPath: - path: "{{ .Values.backups.backupPath }}" ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: backup-pvc -spec: - storageClassName: manual - volumeName: backup-volume - accessModes: - - ReadWriteMany - resources: - requests: - storage: 20Gi -{{ end }} \ No newline at end of file diff --git a/kubernetes/helm-charts/minecraft/templates/minecraft-router.yaml b/kubernetes/helm-charts/minecraft/templates/minecraft-router.yaml deleted file mode 100644 index 79aa106b..00000000 --- a/kubernetes/helm-charts/minecraft/templates/minecraft-router.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mc-router ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: services-watcher -rules: -- apiGroups: [""] - resources: ["services"] - verbs: ["watch","list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: mc-router-services-watcher -subjects: -- kind: ServiceAccount - name: mc-router - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: services-watcher - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - name: mc-router -spec: - type: NodePort - ports: - - targetPort: web - name: web - port: 8080 - - targetPort: proxy - name: proxy - port: 25565 - nodePort: 30001 - selector: - app: mc-router ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: mc-router - name: mc-router -spec: - selector: - matchLabels: - app: mc-router - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: mc-router - spec: - serviceAccountName: mc-router - containers: - - image: itzg/mc-router:latest - name: mc-router - args: ["--api-binding", ":8080", "--in-kube-cluster"] - ports: - - name: proxy - containerPort: 25565 - - name: web - containerPort: 8080 \ No newline at end of file diff --git a/kubernetes/helm-charts/minecraft/templates/minecraft-stateful-set.yaml b/kubernetes/helm-charts/minecraft/templates/minecraft-stateful-set.yaml deleted file mode 100644 index 67edeb56..00000000 --- a/kubernetes/helm-charts/minecraft/templates/minecraft-stateful-set.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app: {{ template "minecraft.fullname" . }} - name: {{ template "minecraft.fullname" . }} -spec: - replicas: 1 - serviceName: {{ template "minecraft.fullname" . }} - selector: - matchLabels: - app: {{ template "minecraft.fullname" . }} - template: - metadata: - labels: - app: {{ template "minecraft.fullname" . }} - spec: - nodeSelector: - {{ .Values.nodeSelector | toYaml | indent 1}} - containers: - - name: mc - image: itzg/minecraft-server:java8 - env: - - name: EULA - value: "TRUE" - - - name: TYPE - value: "FORGE" - - - name: VERSION - value: {{ .Values.minecraftVersion }} - - - name: ENABLE_RCON - value: "true" - - - name: RCON_PASSWORD - value: {{ .Values.rconPassword }} - - - name: SNOOPER_ENABLED - value: "false" - - - name: MAX_MEMORY - value: 8G - - - name: INIT_MEMORY - value: 1G - - ports: - - containerPort: 25565 - - containerPort: 25575 - - volumeMounts: - - mountPath: /data - name: data - - resources: - requests: - memory: "1G" - limits: - memory: "8G" - {{ if .Values.backups.enabled }} - - name: backup - image: itzg/mc-backup - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - env: - - name: INITIAL_DELAY - value: "120" - - - name: RCON_PASSWORD - value: {{ .Values.rconPassword }} - - - name: BACKUP_INTERVAL - value: "2h" - - - name: PRUNE_BACKUPS_DAYS - value: "1" - - volumeMounts: - - mountPath: /data - name: data - {{- if .Values.backups.enabled }} - - mountPath: /backups - name: backups - {{- end }} - {{- end }} - volumes: - - name: data - persistentVolumeClaim: - claimName: minecraft-pvc - {{ if .Values.backups.enabled }} - - name: backups - persistentVolumeClaim: - claimName: backup-pvc - {{ end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minecraft.fullname" . 
}} - annotations: - {{- if .Values.router.default }} - mc-router.itzg.me/defaultServer: "true" - {{- else }} - mc-router.itzg.me/externalServerName: {{ .Values.router.hostname}} - {{- end }} -spec: - type: ClusterIP - selector: - app: {{ template "minecraft.fullname" . }} - ports: - - name: minecraft - port: 25565 - targetPort: 25565 - - - name: rcon - port: 25575 - targetPort: 25575 \ No newline at end of file diff --git a/kubernetes/helm-charts/minecraft/templates/rcon-web.yaml b/kubernetes/helm-charts/minecraft/templates/rcon-web.yaml deleted file mode 100644 index eaa3dfd2..00000000 --- a/kubernetes/helm-charts/minecraft/templates/rcon-web.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: rcon-web-admin - name: rcon-web-admin -spec: - selector: - matchLabels: - app: rcon-web-admin - template: - metadata: - labels: - app: rcon-web-admin - spec: - containers: - - name: rcon-web-admin - image: itzg/rcon - env: - - name: RWA_USERNAME - value: admin - - - name: RWA_PASSWORD - value: {{ .Values.rconWebPassword }} - - - name: RWA_ADMIN - value: "TRUE" - - - name: RWA_RCON_HOST - value: {{ template "minecraft.fullname" . }} - - - name: RWA_RCON_PASSWORD - value: {{ .Values.rconPassword }} - - - name: RWA_WEBSOCKET_URL_SSL - value: wss://192.168.86.3:31001 - - - name: RWA_WEBSOCKET_URL - value: ws://192.168.86.3:31001 - - ports: - - containerPort: 4326 - - containerPort: 4327 ---- -apiVersion: v1 -kind: Service -metadata: - name: rcon-web -spec: - type: ClusterIP - selector: - app: rcon-web-admin - ports: - - name: web - port: 4326 - targetPort: 4326 ---- -apiVersion: v1 -kind: Service -metadata: - name: rcon-websockets -spec: - type: NodePort - selector: - app: rcon-web-admin - ports: - - name: websocket - port: 4327 - targetPort: 4327 - nodePort: 31001 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: rcon-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: /{{ template "minecraft.fullname" . }}(/|$)(.*) - pathType: Prefix - backend: - service: - name: rcon-web - port: - number: 4326 \ No newline at end of file diff --git a/kubernetes/helm-charts/minecraft/values.yaml b/kubernetes/helm-charts/minecraft/values.yaml deleted file mode 100644 index 6a1266de..00000000 --- a/kubernetes/helm-charts/minecraft/values.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -#The path where your Minecraft data lives, or will live. This will be used with a hostPath -minecraftPath: /storagePool/Samba/MinecraftServers/1.12.2\ TSR\ Server/ - -backups: - enabled: true - backupPath: /storagePool/Samba/MinecraftServers/Backups/TSR - -#This is used for the mc-router, which allows us to easily host multiple servers. If default is set to false, a hostname must be provided -#If default is set to true, in the absence of any other hostname, the router will forward traffic to this server pod -router: - default: true - hostname: "" - -nodeSelector: - videos: "true" - -#The version of Minecraft to run -minecraftVersion: 1.12.2 - -#The password used to authenticate with rcon -rconPassword: TEST #pragma: allowlist secret - -#The password used to sign in to the default account for the rcon web interface -rconWebPassword: TEST #pragma: allowlist secret - - - - - - - diff --git a/kubernetes/ingress/crafty-ingress.yaml b/kubernetes/ingress/crafty-ingress.yaml new file mode 100644 index 00000000..788b1afb --- /dev/null +++ b/kubernetes/ingress/crafty-ingress.yaml 
@@ -0,0 +1,36 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: crafty + namespace: crafty + annotations: + nginx.ingress.kubernetes.io/proxy-http-version: "1.1" + nginx.ingress.kubernetes.io/proxy-redirect-from: "off" + + nginx.ingress.kubernetes.io/proxy-set-headers: | + Upgrade $http_upgrade + Connection $http_connection + X-Forwarded-Proto https + X-Forwarded-For $proxy_add_x_forwarded_for + Host $http_host + + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/send-timeout: "3600" +spec: + ingressClassName: nginx + rules: + - host: crafty.optiplex.local + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: crafty-server-crafty-4 + port: + number: 8443 diff --git a/kubernetes/kind/.atils_buildconfig.json b/kubernetes/kind/.atils_buildconfig.json new file mode 100644 index 00000000..ec7472cb --- /dev/null +++ b/kubernetes/kind/.atils_buildconfig.json @@ -0,0 +1,16 @@ +{ + "actions": [ + { + "name": "setup-cluster", + "command": "kind create cluster --config ~/PersonalMonorepo/kubernetes/kind/ingress-cluster.yaml", + "order": 0, + "description": "Create the cluster" + }, + { + "name": "teardown-cluster", + "command": "kind delete cluster", + "order": 1, + "description": "Delete the cluster" + } + ] +} \ No newline at end of file diff --git a/kubernetes/kind/ingress-cluster.yaml b/kubernetes/kind/ingress-cluster.yaml new file mode 100644 index 00000000..89ded6b2 --- /dev/null +++ b/kubernetes/kind/ingress-cluster.yaml 
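Review bot: The Ingress in `crafty-ingress.yaml` has no `tls:` section under `spec`, so ingress-nginx has no reason to redirect plain HTTP for `crafty.optiplex.local`, and the Crafty admin login can be submitted in clear text even though the annotation block tells the backend the request arrived as `X-Forwarded-Proto https`. Add a `tls` entry for the host, as sketched below with a placeholder secret name. `proxy-body-size: "0"` also removes the request-size limit for this management UI; a finite value sized for the largest expected upload is the safer setting. As far as I know ingress-nginx reads `proxy-set-headers` from the controller ConfigMap and not from an Ingress annotation, so that block may be ignored; worth verifying against the controller version in use.

```yaml
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - crafty.optiplex.local
      secretName: crafty-tls  # placeholder: name of an existing TLS secret
  # … unchanged: rules for crafty.optiplex.local …
```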
@@ -0,0 +1,17 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: + - role: control-plane + kubeadmConfigPatches: + - | + kind: InitConfiguration + nodeRegistration: + kubeletExtraArgs: + node-labels: "ingress-ready=true" + extraPortMappings: + - containerPort: 80 + hostPort: 80 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP diff --git a/kubernetes/rke/dev-cluster.yaml b/kubernetes/rke/dev-cluster.yaml index 8994e449..21417b3f 100644 --- a/kubernetes/rke/dev-cluster.yaml +++ b/kubernetes/rke/dev-cluster.yaml @@ -1,38 +1,38 @@ # If you intended to deploy Kubernetes in an air-gapped environment, # please consult the documentation on how to configure custom RKE images. nodes: -- address: 192.168.86.4 - port: 22 - internal_address: "" - role: - - controlplane - - worker - - etcd - hostname_override: test-vm-1 - user: aidan - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] -- address: 192.168.86.5 - port: 22 - internal_address: "" - role: - - controlplane - - worker - - etcd - hostname_override: test-vm-2 - user: aidan - docker_socket: /var/run/docker.sock - ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa - ssh_cert: "" - ssh_cert_path: "" - labels: {} - taints: [] + - address: 192.168.86.4 + port: 22 + internal_address: "" + role: + - controlplane + - worker + - etcd + hostname_override: test-vm-1 + user: aidan + docker_socket: /var/run/docker.sock + ssh_key: "" + ssh_key_path: ~/.ssh/id_ed25519 + ssh_cert: "" + ssh_cert_path: "" + labels: {} + taints: [] + - address: 192.168.86.5 + port: 22 + internal_address: "" + role: + - controlplane + - worker + - etcd + hostname_override: test-vm-2 + user: aidan + docker_socket: /var/run/docker.sock + ssh_key: "" + ssh_key_path: ~/.ssh/id_ed25519 + ssh_cert: "" + ssh_cert_path: "" + labels: {} + taints: [] services: etcd: 
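Review bot: Neither `extraPortMappings` entry in `kind/ingress-cluster.yaml` sets `listenAddress`, and kind then binds the host port on 0.0.0.0, so ports 80 and 443 of this local cluster are reachable from any network the workstation is attached to. For a development cluster add `listenAddress: "127.0.0.1"` to both mappings unless other machines are meant to reach the ingress. If wider access is intended, a comment saying so would keep the next reader from treating it as an oversight.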
diff --git a/kubernetes/rke/prod-cluster.yaml b/kubernetes/rke/prod-cluster.yaml index cef10bbe..b58d485d 100644 --- a/kubernetes/rke/prod-cluster.yaml +++ b/kubernetes/rke/prod-cluster.yaml @@ -12,7 +12,7 @@ nodes: user: aidan docker_socket: /var/run/docker.sock ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa + ssh_key_path: ~/.ssh/id_ed25519 ssh_cert: "" ssh_cert_path: "" labels: {} @@ -28,7 +28,7 @@ nodes: user: aidan docker_socket: /var/run/docker.sock ssh_key: "" - ssh_key_path: ~/.ssh/id_rsa + ssh_key_path: ~/.ssh/id_ed25519 ssh_cert: "" ssh_cert_path: "" labels: {} 
@@ -133,49 +133,49 @@ authentication: webhook: null addons: "" addons_include: [] -system_images: - etcd: rancher/mirrored-coreos-etcd:v3.5.3 - alpine: rancher/rke-tools:v0.1.80 - nginx_proxy: rancher/rke-tools:v0.1.80 - cert_downloader: rancher/rke-tools:v0.1.80 - kubernetes_services_sidecar: rancher/rke-tools:v0.1.80 - kubedns: rancher/mirrored-k8s-dns-kube-dns:1.21.1 - dnsmasq: rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1 - kubedns_sidecar: rancher/mirrored-k8s-dns-sidecar:1.21.1 - kubedns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5 - coredns: rancher/mirrored-coredns-coredns:1.9.0 - coredns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5 - nodelocal: rancher/mirrored-k8s-dns-node-cache:1.21.1 - kubernetes: rancher/hyperkube:v1.23.7-rancher1 - flannel: rancher/mirrored-coreos-flannel:v0.15.1 - flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 - calico_node: rancher/mirrored-calico-node:v3.22.0 - calico_cni: rancher/mirrored-calico-cni:v3.22.0 - calico_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0 - calico_ctl: rancher/mirrored-calico-ctl:v3.22.0 - calico_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0 - canal_node: rancher/mirrored-calico-node:v3.22.0 - canal_cni: rancher/mirrored-calico-cni:v3.22.0 - canal_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0 - canal_flannel: rancher/mirrored-flannelcni-flannel:v0.17.0 - canal_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0 - weave_node: weaveworks/weave-kube:2.8.1 - weave_cni: weaveworks/weave-npc:2.8.1 - pod_infra_container: rancher/mirrored-pause:3.6 - ingress: rancher/nginx-ingress-controller:nginx-1.2.1-rancher1 - ingress_backend: rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1 - ingress_webhook: rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1 - metrics_server: rancher/mirrored-metrics-server:v0.6.1 - windows_pod_infra_container: rancher/mirrored-pause:3.6 - aci_cni_deploy_container: 
noiro/cnideploy:5.1.1.0.1ae238a - aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a - aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a - aci_mcast_container: noiro/opflex:5.1.1.0.1ae238a - aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a - aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a - aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a - aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a -ssh_key_path: ~/.ssh/id_rsa +# system_images: +# etcd: rancher/mirrored-coreos-etcd:v3.5.3 +# alpine: rancher/rke-tools:v0.1.80 +# nginx_proxy: rancher/rke-tools:v0.1.80 +# cert_downloader: rancher/rke-tools:v0.1.80 +# kubernetes_services_sidecar: rancher/rke-tools:v0.1.80 +# kubedns: rancher/mirrored-k8s-dns-kube-dns:1.21.1 +# dnsmasq: rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1 +# kubedns_sidecar: rancher/mirrored-k8s-dns-sidecar:1.21.1 +# kubedns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5 +# coredns: rancher/mirrored-coredns-coredns:1.9.0 +# coredns_autoscaler: rancher/mirrored-cluster-proportional-autoscaler:1.8.5 +# nodelocal: rancher/mirrored-k8s-dns-node-cache:1.21.1 +# kubernetes: rancher/hyperkube:v1.23.7-rancher1 +# flannel: rancher/mirrored-coreos-flannel:v0.15.1 +# flannel_cni: rancher/flannel-cni:v0.3.0-rancher6 +# calico_node: rancher/mirrored-calico-node:v3.22.0 +# calico_cni: rancher/mirrored-calico-cni:v3.22.0 +# calico_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0 +# calico_ctl: rancher/mirrored-calico-ctl:v3.22.0 +# calico_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0 +# canal_node: rancher/mirrored-calico-node:v3.22.0 +# canal_cni: rancher/mirrored-calico-cni:v3.22.0 +# canal_controllers: rancher/mirrored-calico-kube-controllers:v3.22.0 +# canal_flannel: rancher/mirrored-flannelcni-flannel:v0.17.0 +# canal_flexvol: rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0 +# weave_node: weaveworks/weave-kube:2.8.1 +# weave_cni: 
weaveworks/weave-npc:2.8.1 +# pod_infra_container: rancher/mirrored-pause:3.6 +# ingress: rancher/nginx-ingress-controller:nginx-1.2.1-rancher1 +# ingress_backend: rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1 +# ingress_webhook: rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1 +# metrics_server: rancher/mirrored-metrics-server:v0.6.1 +# windows_pod_infra_container: rancher/mirrored-pause:3.6 +# aci_cni_deploy_container: noiro/cnideploy:5.1.1.0.1ae238a +# aci_host_container: noiro/aci-containers-host:5.1.1.0.1ae238a +# aci_opflex_container: noiro/opflex:5.1.1.0.1ae238a +# aci_mcast_container: noiro/opflex:5.1.1.0.1ae238a +# aci_ovs_container: noiro/openvswitch:5.1.1.0.1ae238a +# aci_controller_container: noiro/aci-containers-controller:5.1.1.0.1ae238a +# aci_gbp_server_container: noiro/gbp-server:5.1.1.0.1ae238a +# aci_opflex_server_container: noiro/opflex-server:5.1.1.0.1ae238a +ssh_key_path: ~/.ssh/id_ed25519 ssh_cert_path: "" ssh_agent_auth: false authorization: @@ -183,7 +183,7 @@ authorization: options: {} ignore_docker_version: null enable_cri_dockerd: null -kubernetes_version: "v1.23.14-rancher1-1" +kubernetes_version: "v1.24.17-rancher1-1" private_registries: [] ingress: provider: "" diff --git a/nix/home-manager/modules/zsh.nix b/nix/home-manager/modules/zsh.nix index 940df3c2..6b7e7962 100644 --- a/nix/home-manager/modules/zsh.nix +++ b/nix/home-manager/modules/zsh.nix @@ -24,7 +24,8 @@ ls = "eza"; kctx = "kubectx"; kns = "kubens"; - remouse = "~/Library/Python/3.9/bin/remouse"; + # Let's just leave this, we're doing a fancy ReMarkable setup + #remouse = "~/Library/Python/3.9/bin/remouse"; }; history = { diff --git a/nix/mac-setup/flake.nix b/nix/mac-setup/flake.nix index 3e859d45..aa3912c9 100644 --- a/nix/mac-setup/flake.nix +++ b/nix/mac-setup/flake.nix 
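Review bot: The whole `system_images` map is kept as a commented-out block rather than deleted, and nothing says why. The tags in it (for example `rancher/hyperkube:v1.23.7-rancher1`) belong to the old release and no longer match the `kubernetes_version: "v1.24.17-rancher1-1"` set in the next hunk. Presumably the intent is to let RKE pick its default images for the selected version; if so, delete the block (history keeps it) or replace it with one line such as `# system_images omitted: RKE resolves defaults from kubernetes_version`. Stale pins left in comments invite someone to uncomment them later and run control-plane images that lag the cluster version and its security fixes.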
@@ -26,8 +26,8 @@ username = "aidan"; personalConfig = builtins.fetchGit { url = "https://github.com/AidanHilt/PersonalMonorepo.git"; - ref = "feat/post-install-nix-extras"; - rev = "4df6a8f1d6cda7ca697baf2f72cc09bbbb2f0e88"; #pragma: allowlist secret + ref = "feat/crafty-server"; + rev = "aa671c4145621edc9f4a653d01539bc63a8d1008"; #pragma: allowlist secret } + "/nix"; }; diff --git a/nix/mac-setup/modules/common.nix b/nix/mac-setup/modules/common.nix index 5a5731bd..612a2fdd 100644 --- a/nix/mac-setup/modules/common.nix +++ b/nix/mac-setup/modules/common.nix @@ -7,6 +7,26 @@ let darwin-rebuild switch --flake ~/PersonalMonorepo/nix/mac-setup ''; + nix-commit = pkgs.writeShellScriptBin "nix-commit" '' + cd ~/PersonalMonorepo + git add nix/* + git commit -m "Nix commit" +''; + + argocd-commit = pkgs.writeShellScriptBin "argocd-commit" '' + cd ~/PersonalMonorepo + git add kubernetes/ + git commit -m "Argocd commit" + git push +''; + + update-kubeconfig = pkgs.writeShellScriptBin "update-kubeconfig" '' + cd ~/PersonalMonorepo/nix/mac-setup/secrets + cat ~/.kube/config | pbcopy + agenix -e kubeconfig.age +''; + + in { @@ -16,6 +36,9 @@ in environment.systemPackages = [ update + nix-commit + update-kubeconfig + argocd-commit pkgs.vim pkgs.python3 pkgs.act @@ -41,6 +64,7 @@ in pkgs.defaultbrowser pkgs.rustc pkgs.cargo + pkgs.inetutils inputs.agenix.packages.${pkgs.system}.agenix ]; security.pam.enableSudoTouchIdAuth = true; diff --git a/nix/mac-setup/modules/kubernetes.nix b/nix/mac-setup/modules/kubernetes.nix index c0cc8702..d415dfc2 100644 --- a/nix/mac-setup/modules/kubernetes.nix +++ b/nix/mac-setup/modules/kubernetes.nix @@ -10,8 +10,7 @@ file = ../secrets/kubeconfig.age; path = "/Users/${globals.username}/.kube/config"; owner = "${globals.username}"; - group = "${globals.username}"; - mode = "744"; + mode = "700"; symlink = false; }; } \ No newline at end of file 
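Review bot: `update-kubeconfig` pipes `~/.kube/config` through `pbcopy`, which leaves cluster credentials on the system pasteboard (and in any clipboard-history or shared-clipboard feature, if enabled) after `agenix -e` exits. I would end the script with `pbcopy < /dev/null`, or have the editor read the file directly instead of pasting. None of the three new scripts checks that `cd ~/PersonalMonorepo` succeeded, so with a missing checkout the `git add`, `git commit` and `git push` commands run in whatever repository the shell was already in; starting each script with `set -euo pipefail` avoids that. The `let` block these bindings sit in begins outside the hunk.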
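Review bot: `mode = "700"` on the decrypted kubeconfig removes group and other access, which is the right direction, but a credentials file needs no execute bit; `mode = "600"` is the conventional value. The rclone.nix hunk later in this commit keeps `mode = "744"` as context for `rclone-config.age`, so the decrypted `rclone.conf` (which normally holds remote credentials) stays readable by every local user; that should become `mode = "600"` as well. With `group` dropped in both files the group falls back to the module default, which is harmless once no group bits are set. The attribute set starts outside the hunk.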
diff --git a/nix/mac-setup/modules/personal.nix b/nix/mac-setup/modules/personal.nix index 0e1ec955..c316a737 100644 --- a/nix/mac-setup/modules/personal.nix +++ b/nix/mac-setup/modules/personal.nix @@ -20,6 +20,7 @@ "orbstack" "postman" "utm" + "prismlauncher" ]; }; diff --git a/nix/mac-setup/modules/rclone.nix b/nix/mac-setup/modules/rclone.nix index 87de584a..f82bbdf6 100644 --- a/nix/mac-setup/modules/rclone.nix +++ b/nix/mac-setup/modules/rclone.nix @@ -13,7 +13,6 @@ file = ../secrets/rclone-config.age; path = "/Users/${globals.username}/.config/rclone/rclone.conf"; owner = "${globals.username}"; - group = "${globals.username}"; mode = "744"; }; diff --git a/nix/mac-setup/secrets/kubeconfig.age b/nix/mac-setup/secrets/kubeconfig.age index 68bfde0a..2e266a54 100644 Binary files a/nix/mac-setup/secrets/kubeconfig.age and b/nix/mac-setup/secrets/kubeconfig.age differ diff --git a/nix/mac-setup/secrets/rclone-config.age b/nix/mac-setup/secrets/rclone-config.age index a972974d..353e52d0 100644 Binary files a/nix/mac-setup/secrets/rclone-config.age and b/nix/mac-setup/secrets/rclone-config.age differ diff --git a/nix/mac-setup/secrets/secrets.nix b/nix/mac-setup/secrets/secrets.nix index ad65b6cf..135141e3 100644 --- a/nix/mac-setup/secrets/secrets.nix +++ b/nix/mac-setup/secrets/secrets.nix 
@@ -1,10 +1,11 @@ let hyperion = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0qFy2CUA9l719pPIXZiamVM6XdigzIf0ugwp1evnYVWSwKvfh80bBc7LafHjctK8olDnNxmcj7XB4t4fvnwvlL8kGCWhjMzVXjO3lNsYBpafHFDbbC97fQQ3CM+NEWvBlOeWr5xBgPjbLb4bhEqVzAkuv8EnXiscI7N4G2Ywm6Udh8i2RH0lRmp21j6k/ohjf+0c9vT+sAFvnqCfpgWk3QWVi84tcZlmnrFz1HplinQC/B5D2Vo9pASQcA/nToLVK1tvmOh6htU9Wktxs0ILolMPniQ5idES5LiUuKF3mO13OKhj4zq8ChzJC+Rm6bGg8PAMcVbvlLZqmZ15kRPg8SXNEAsnLqyHP9kk2wQgGv+U8BvPl6n6JKJCTXJwHBE+UJZqiWUtplJoQE363I2e1jcz59j+qvKg6C596jYdc0xurqENiux/iDCqnkr+vifyELOc3GLmSTJ8+FIZIOpLiwMtWzDsRAKuo+mSVw+l7bSXKPdUjHlROw8CheJAcN3M= root@hyperion"; + hyperion-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImw5CsGmsR1WTunv5bvNcozmoUSgJf76RMvy6SZtA2R aidan@hyperion"; # We don't use secrets, but we need a second machine that can run agenix to handle setup workvm = "ssh-rsa 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 root@Aidans-Macbook-Pro"; in { - "smb-mount-config.age".publicKeys = [ hyperion workvm ]; - "rclone-config.age".publicKeys = [ hyperion workvm ]; - "kubeconfig.age".publicKeys = [ hyperion workvm ]; + "smb-mount-config.age".publicKeys = [ hyperion hyperion-user workvm ]; + "rclone-config.age".publicKeys = [ hyperion hyperion-user workvm ]; + "kubeconfig.age".publicKeys = [ hyperion hyperion-user workvm ]; } \ No newline at end of file diff --git a/nix/mac-setup/secrets/smb-mount-config.age b/nix/mac-setup/secrets/smb-mount-config.age index 7c1a9658..65efd9a2 100644 Binary files a/nix/mac-setup/secrets/smb-mount-config.age and b/nix/mac-setup/secrets/smb-mount-config.age differ
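Review bot: `hyperion-user` is appended to the recipient list of all three secrets with no comment on why a per-user key is needed beside the `hyperion` host key, unlike `workvm`, which has one. A line such as `# user key so secrets can be edited with agenix as aidan (not root)` would record the intent, if that is the reason, and any secret the user account never needs to edit could keep the shorter list. If this is the same `~/.ssh/id_ed25519` that the RKE cluster files now use for node SSH (an inference from the key type and path, not shown here), one private key would grant both node access and decryption of every secret, so it should at least be passphrase-protected. The `.age` files are reported as changed in this commit, which suggests they were re-encrypted for the new recipient.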